fcc897db59158b8aeb488ef3d87a82221ba00311efa2fd29228472dee531944a

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 13:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6deca06e49f9f15e26eacf5cad68dae_JaffaCakes118.exe
Size

65KB
MD5

a6deca06e49f9f15e26eacf5cad68dae
SHA1

2ab242129bbf8db000a9c498a4ac03aa6da4d1f3
SHA256

fcc897db59158b8aeb488ef3d87a82221ba00311efa2fd29228472dee531944a
SHA512

3711e36de4cb4a7ffe9f140db452994103d6326c1a88b107211f7116edcdce3e787d0960078d9effdbf8ff599b4f4cce023845a7ae897833a0905cc739f1da4f
SSDEEP

1536:f91ZUSihwd2+hlByTHL0pX8ob6ICY5yT6mkllFllIIBZ:f/qShd2+hO8sobvke9lPlII7

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	a6deca06e49f9f15e26eacf5cad68dae_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6deca06e49f9f15e26eacf5cad68dae_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a6deca06e49f9f15e26eacf5cad68dae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6deca06e49f9f15e26eacf5cad68dae_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2380-3-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download