35e97c58c79e343b4bcd892c373029113ccc157822160f4341bae276ba7e9216

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
Size

838KB
MD5

973627fb51da0e3fb4be6cbf4df8c1d0
SHA1

44102f7000ceeeed3118a0d5c02dd9342585e1e6
SHA256

35e97c58c79e343b4bcd892c373029113ccc157822160f4341bae276ba7e9216
SHA512

cd32936ccccac2c0ea63d052dc74360e5baacb52f48301e6618e66bdc442cf57439516da0469c7ed277e72842971a4ec5e3e02a25b1c70edbdc70d05acb3aada
SSDEEP

12288:dv1Y4CbZaV7fcZNWhjv7t5pIp7P/42uyLuA/2+FV75SpM6eaXpYcD3hviDfe2ZQN:PFwMfGwft5p0LluA/2+TcMwtBofr6uh6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SRCheckPermission.txt	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\SRCheckPermission.txt	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\973627fb51da0e3fb4be6cbf4df8c1d0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso7975.tmp\ioSpecial.ini

Filesize
1KB

MD5
d01382f6c9c32997aadd9c7e28ad3b65

SHA1
e2d0d41b4e08db74e1c30682a17a6d85ab5f5c49

SHA256
655fb1f12b11217750f5a3b08c94dc0ffa44cadd3cec301c9b7efb6cf864cebe

SHA512
07bb70d4fd314dfc8394ac4f45f0228241252209716e2c03580267428152b44ae33468367e813ee5c53b514e76b0fba09d94e8620969317f7df56abc41b60b09

Download Submit
\Users\Admin\AppData\Local\Temp\nso7975.tmp\InstallOptions.dll

Filesize
14KB

MD5
7e49eb67f1f3c62bb8c4b0a868b30645

SHA1
2be42e3c6059485bc3b624a537ab1fb36a10a263

SHA256
17f0946e0847bbaa6a06eb58aead13fce22a8606e9b3744cd2241debdf8d8bae

SHA512
469c28b6da5b9499fd417f8cd74414d6c6edcbe6567eecc9421a69797a77ec323936deb96cd151611da57e311074ec0c56d82a9800d7aebac9538a947284ff9e

Download Submit
\Users\Admin\AppData\Local\Temp\nso7975.tmp\InstallerHelperPlugin.dll

Filesize
49KB

MD5
52a442935d96e94c780ca616feed71f3

SHA1
45e3d0af4e7582a0241433de6a73571100334b83

SHA256
ea67e8f37654c7278903c73d62fbc8ec183881ab32feee5e2109c84715e63ecc

SHA512
289accf4ae88bd34f02577d7f1339a551c5e2230c354663c616a887f1c54630e044e7be2ae68035ff660d75eaa1e313c3aad35f1548a0b16842da7d7375f199e

Download Submit
\Users\Admin\AppData\Local\Temp\nso7975.tmp\Uninst.dll

Filesize
47KB

MD5
68ffd98799c7122e62b296358b8c5faf

SHA1
b8da4b95fc4aaf2f6eff7dc8d0e2eef387c7927d

SHA256
6e0ab96043a172f9bf9e575b39eb459487d983281233228b387ccedfef9ce51f

SHA512
b96b7e9e2eb1c5c533ae0d9ac5ff9991b3565e83e13c2f109ef04438bf5d425aa878a9b13395d286dfcd3c1084ba584f1f5a90faa3d1bd825ce37ad59f5105a7

Download Submit