56d33bf1c1dfc42b17ef0e49e20b5314b8613ce62963c9026c7e602066c8487e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94fb6a2cb707a85ee7ce8094b662c984_JaffaCakes118.exe
Size

159KB
MD5

94fb6a2cb707a85ee7ce8094b662c984
SHA1

1368a4e42f5194027b8b7428145076713a502a02
SHA256

56d33bf1c1dfc42b17ef0e49e20b5314b8613ce62963c9026c7e602066c8487e
SHA512

e2f78ca59a2e19d0ea17f5d11090d4214388a47803a5747d4a0dca09df8b05a94a36fd221ea649982324e13d223d4876c31c7f8317571c232245837da7b4834a
SSDEEP

3072:tZmvmDVYTY0kER3zTWHMd91slXkWH8MBCRVwLckmi4Kr502SZNTWyh5W1G+ZhuRu:tMsYk0ku+HMNslUWcr3kv4Kr5xSZELsQ

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral1/memory/2884-29-0x0000000000400000-0x000000000046A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94fb6a2cb707a85ee7ce8094b662c984_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\94fb6a2cb707a85ee7ce8094b662c984_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\94fb6a2cb707a85ee7ce8094b662c984_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\inc.exe

Filesize
2KB

MD5
01f0c5a0c1686f5a68df23360bc05c33

SHA1
d24c7b8c4ab91b62a8179e3f8e7ee3d66a699575

SHA256
95a464c7f16ff918aae7c277a5f1e1c9854101289694509ec29f4c41a57d9e94

SHA512
e3b408fa161cab6a7909b201d2c7c22a7acd11146b0f5f2b07d5b9b0f8ab6c8dd01b43b653607f74554e763a8eae52508024320f22c4ea1e98a998a258f5d7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\inc1.exe

Filesize
2KB

MD5
441f449d9ca7b7cbbc8665280be72a0d

SHA1
7977d5101ea68d1c1466ee9bcccba340f39459ec

SHA256
e159906d4d22345b7d6e68cc0300d1963748a1bfc19bfc7e98d151ddc5c4ba4c

SHA512
3c1d1330e40cf38d63622c5c54c04577d4ec0b7a347c0687102f6d7d7ff74e5b5369ea53758f240dc14801aac4aef9a1d21239b2db559d4e8e3322793acd70b8

Download Submit
memory/2884-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2884-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2884-29-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download