56ed04635572b43b313013e4958e88732661dd817b5a0bcfbe2afa807ff5262b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe
Size

269KB
MD5

a5a62e85c9309493223ffaefa9a534b1
SHA1

7deb288254417f811f789387c6c6a8deba0fea57
SHA256

56ed04635572b43b313013e4958e88732661dd817b5a0bcfbe2afa807ff5262b
SHA512

e56c92b61a1299813d24601b48a15aee5655745e7d48af78e2ebb209d315263612a5df808569d0816faabd0b4448d51f63d29d9df14cfaf9de23e1c85c3c74db
SSDEEP

6144:YlxMQnkXdukexqpL72mEv5HBP5BmtRu7rHrIGNSRRcFhRqq/v:YlwtQUpL6TRvBmtRurIGNSRqlqq/v

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2052	a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe
2052	a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe
2052	a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2052	a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5a62e85c9309493223ffaefa9a534b1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu-0804.dll

Filesize
249KB

MD5
b2ff615df5dc0ee7df0a8fc91af546e1

SHA1
972f266ff94365a3be690a82813654e61f205ece

SHA256
0972efe30eaa01a90145429a5c76e93a97b2152eef66ea344ef4031a7cf54d14

SHA512
fc656b64816013bec7ab6db802374fe9bdee1f9997febc04ff5f27ade7d2560c1c3dc03e9ee0898082dc83c4cbf3fb19e5f7835137cfc62443a037112fb1f31f

Download Submit
\Users\Admin\AppData\Local\Temp\{154DB46E-D88C-D08D-3266-90AECEAE9698}\_Setup.dll

Filesize
163KB

MD5
6c7e12d1196bd6169987052f44d45a03

SHA1
b54789fe96c9c8dba50182e978e15867f16349c1

SHA256
94e5560e05059314dd7a71a9ec85e3417b2877b769efa0d22a41056aab3151cf

SHA512
aa6f1466346bfb640beb5a5ed037b62df3c8b349e052cb16f311044326eced07d00497ea7c074d9a76196eb1165013be38ec8e6c863460151c9db00d6fda0f7a

Download Submit
\Users\Admin\AppData\Local\Temp\{154DB46E-D88C-D08D-3266-90AECEAE9698}\_Setupx.dll

Filesize
25KB

MD5
e0bc033ebd368936b8fb4be01d94d897

SHA1
d8c8a3b119e45b940ecb9923da4647a044c4d0ec

SHA256
6dca6d725304945bdf32423e4247f24a681764fe0be8295ab3abf3123e11a011

SHA512
5f9901208561e9c54f744f6d018b04d76e2093cd584fe4bd7e13f4d5e8d25c70c83f157898eec638d810f50a2d9fc75280b45e7b55908de6dc312e0b29e8b646

Download Submit