6c57fa8f90706b87bf73c92787f290dfc848af62c63387cb95e890c4bad810f8

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe
Size

170KB
MD5

8d62d84ca397d35f08682e857058e990
SHA1

2f55b7c96c1b0ef80eb9a59082b3b1e19e542ab6
SHA256

6c57fa8f90706b87bf73c92787f290dfc848af62c63387cb95e890c4bad810f8
SHA512

c3db2e2fc094e6fb748cd8774ee2f5733700554e4a1cc46b00b21b56f4b5b4eac465be894e8177c695f3eaac04ad72c5da24ff65bd86615b4c7cd326a6cd6433
SSDEEP

3072:gBUIYrsgIDmJxsu1RuXMWRQ1fwnrsFUJGaENG9/uCUriLx2zHDUO9oLbqiU6RIL7:gGsbuLuVQUa366i4HUO9oLbqKRIL7

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\hcpidesk.sys	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\hcpidesk.sys	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe

Loads dropped DLL 3 IoCs

pid	Process
2172	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe
2172	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe
2172	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

C:\Users\Admin\AppData\Local\Temp\8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d62d84ca397d35f08682e857058e990_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dosss11.dll

Filesize
84KB

MD5
aad071fb496bfef658cc8cd3c4803b54

SHA1
0a03c4f2e2a51623f5be607b99f65e9c1559b132

SHA256
109d8af5fc9cec3ee43365304fb80f9138ee708742fffbb443e30d19a4443f26

SHA512
f97826c9999cc0f1ff12f721da899cf19b9c4b1ae33b0edc048b86ff68803ad74f7a268ade9d81797942bb18cb83560425eba8c72972e37cd870a59ed90973d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5562.tmp\System.dll

Filesize
10KB

MD5
bf01b2d04e8fad306ba2f364cfc4edfa

SHA1
58f42b45ca9fc1818c4498ecd8bac088d20f2b18

SHA256
d3f9c99e0c1c9acd81a1b33bc3dbd305140def90d10485c253cf1d455f0dc903

SHA512
30ca1663d659c5efac7fed3d1aaba81c47d5d5fda77f30f021124c882b858732e17f917bfd0aa3ee7b269fad86e75b1b9388d8f916e7a4e2c9961669f2c772e7

Download Submit
memory/2172-12-0x0000000000BA0000-0x0000000000BB7000-memory.dmp

Filesize
92KB

Download