19bb4f4682a62d735abfe90b763e1f816eec9d4b1bfe65fe91627f5195c38f9f

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe
Size

21KB
MD5

a3c9fbbb04a0ab969043ac6b9c1ed15c
SHA1

12edc4b827f3124b701c36cda9c1f31eeeb73696
SHA256

19bb4f4682a62d735abfe90b763e1f816eec9d4b1bfe65fe91627f5195c38f9f
SHA512

a690756aa15ff872688a08455eaa84e6bb200cf35c375ea8a75bd12fae8f9aaa19bbbc1121d016356dd58e98e575e8a8bf210e6d3074405d27deeb40f39b07c5
SSDEEP

384:LMXLW0mOKsAY2LyjvUmEdeqQPwJwt/O0dLkWm/j+3paeJpqON:0W0L+Y2mjsmEgqQPEwtW+LFm/iWi

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1604	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1604	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe
1604	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe
1604	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1604	a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a3c9fbbb04a0ab969043ac6b9c1ed15c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\WowInitcode.dat

Filesize
24KB

MD5
71e35796ebee6d75d892a2bd73bfd68c

SHA1
b846520fe8ed242263af741ed0af4ba766249de0

SHA256
4d14cd6027a73ab8dbd8216fff449c2a8262ea419693fe2c327fb4606991f3ba

SHA512
73e2becf3112ebf4c3b463f6190bc0dd21d7d80751debfcde35bde92cd61580fc2cb0ab1b7a63ca5c3128aae2630dc65bfc6651d0d35f88baf5fcfa44250e4ac

Download Submit
memory/1604-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1604-6-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download