28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe
Size

3.2MB
MD5

a31156b8d80a68e8f4354c63e0747beb
SHA1

185705e7d217132a104dc3f4ee12a72c7e8749ce
SHA256

28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832
SHA512

33db65bf69a721be613316b729c06137ae4f323314b707f591b09f06f10dab2643f36742a457d04b5816e6e2aa795d78f01987ca173bd4ed0f0845279d2c96eb
SSDEEP

49152:a9r/Wx+GhZdsM+1GfhXM5uOMkbKH+1Ma6h2ZoHrkQb7MOBIfn2vrPLuG:ASgsdiM26+1MaO2iRTIv2vrjp

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1900	a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe
1900	a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1900	a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoD74D.tmp\ioSpecial.ini

Filesize
692B

MD5
86891a8b49ef3e998e9ebf4658f6398b

SHA1
466f130a245670abd78567346f7a67d0abaf6baf

SHA256
9de382ac4c2f9e21ee99d7dbcb1b5dc1d146776907271374b6dc93ee32f74edc

SHA512
57f2b1fc50d33837e62d58277a3851172f875589d10c94045883a3c7ea3cb600ab8db463e2d2967cbbe6c3a50750210660148194181c642f7a40a7a00daca95b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD74D.tmp\ioSpecial.ini

Filesize
705B

MD5
08d01eed4b38a4201a4b16033f696e83

SHA1
aca8a21e8ceb547b1f9799032ef8f859c224dfb3

SHA256
81fe2fae11db4b0f5828695e348ae12847951cb0bc21437d206bb2be1b5fa624

SHA512
9b4d564aa36920b39cf934a3a8f2c23c9890c72f554ad4bc23e1b02a6a00da29c7ae05d0671a20c8174e2916bb9b901a61415da280441b3cb9f84754dbdc2247

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD74D.tmp\InstallOptions.dll

Filesize
14KB

MD5
14c212bb2fa90fe52a6424b955c86ad6

SHA1
9e94f8ad17ff9b6b31e5f029ee5f726e307ac8ee

SHA256
1854afccace3053dca2707b10609ea78a30f0ee853bdb9f251c076317ee53120

SHA512
d42fa579f93b98d1446daf3d0734c19838fa310ef27cd05344e25d9f86ba37a5fa1752236e5de4df7c9f414236538bd7431bffda126fb9c74fd112539de0e713

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD74D.tmp\LangDLL.dll

Filesize
5KB

MD5
7e856702410e5598296a9c056c273db2

SHA1
1711125771f4e364717079aae5e4419ac3d69a5d

SHA256
394d7d46b5e1ea621cfcc4f0bc8609d5ad8d42074186cddb737f3abe10874403

SHA512
34ae337e44a5ce9dd17e4c726977f895b90614e02df09d9db46d7e6905850b05b44a4951508c07272acc2683454c1bc949ee1f83e14592e7400bdeae2033c886

Download Submit