43fc888c86ca530aadddf0b7a3874981fdbf6ffdfeb17566e669964b8fc158bb

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5dbf2b7cedc1bc16324b906d6c4e79c_JaffaCakes118.exe
Size

457KB
MD5

a5dbf2b7cedc1bc16324b906d6c4e79c
SHA1

d78da1c2d3fc9e3a6039537e0901986637b21822
SHA256

43fc888c86ca530aadddf0b7a3874981fdbf6ffdfeb17566e669964b8fc158bb
SHA512

58a205edfd79458686035063c50afc301771fdbba1150201c64a4fae279a648c05b9055b1279587ab2715b39a4d1446f7c419402634e254a4ac4da679695a518
SSDEEP

6144:WpvhSvqHoHPjfx5ONI/nwugiLGCnNYkgRzw/4nVZeg9ZJm1N+SdfmK/SAy0:svhSyILJ5bnwuLL9nN8wy59ZI1wpay0

Score

5^/10

discovery

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2660-39-0x0000000000400000-0x00000000004B2000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a5dbf2b7cedc1bc16324b906d6c4e79c_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2660	a5dbf2b7cedc1bc16324b906d6c4e79c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a5dbf2b7cedc1bc16324b906d6c4e79c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5dbf2b7cedc1bc16324b906d6c4e79c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\disable.gif

Filesize
95B

MD5
17ed44fbb41d2582e5fdce0cf8f6f5c8

SHA1
ef2e3d9a288279bf8f9aa8a90632c36e03cf0dd4

SHA256
94d67732be172a0f16383fe05b711419adaf847873f0a8786262d42a4eb65b32

SHA512
865e5f71b517c79f196b4b90d6208120ae62c092a14eb4e4bbb508db4c9f73b191ed29e967658c26ac81902890188f2ea921a7baa43fac89e46cf5b893287ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\logox.gif

Filesize
28KB

MD5
0e9addb0fb4415daaf68cfb63377bde9

SHA1
d25e042177906c8c9800f206bea3e3af8be7701d

SHA256
fa64a812e738a1d69946fac117cd94cd34a0ae57d396fccbc849f3a87ace184d

SHA512
875a3f42ad4e6845506f5ffafef8848ea369ec07af1b4da7329269a6a488097e26f380a4fb2f75da67adbbcca5a1019ed7195f04e6980138f1761fd62cc0c4a5

Download Submit
memory/2660-0-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2660-1-0x0000000000130000-0x0000000000133000-memory.dmp

Filesize
12KB

Download
memory/2660-39-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download