982171b4e8467d0a40354617293b361f3dad719b47f50e8fe1311c49f6384250

Analysis

max time kernel
141s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe
Size

18KB
MD5

a71a73e16592ae3002f1b66357dc7985
SHA1

c32432bdbe34bfb7e00fdccf76b879bac47b21fc
SHA256

982171b4e8467d0a40354617293b361f3dad719b47f50e8fe1311c49f6384250
SHA512

a0af1b2b8e8bb98ee70e2e60c56a565e6245cf84b971db97a58c6e4ecb5c4893b96a73b7fabe7163d100f40f4e614317e1aaa880646e3730fcefad7c9542eadc
SSDEEP

384:R36z+lbn2ztxKQrv6WZVYxSps2BjtCzijqJEdi5N8M3:R3e+lbn2/7b3OSq2BjtCzMq3oM3

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
528	a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/528-0-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/528-8-0x0000000000400000-0x0000000000413000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
528	a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a71a73e16592ae3002f1b66357dc7985_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\qrqwerwqer.dll

Filesize
13KB

MD5
93894480064296aa2d0cad4679e1ca9f

SHA1
57761014354ee8d74968bfecfddf990706040ee7

SHA256
89fe09925a664ed7bd60a909f409c79c360548c116d7b5748ef937126253d62d

SHA512
b680ab12ef1db4bafb83473785a75d171d96d9694ad10112efed06663eef40c2c10253921f9c14d8ce8482002231652ea829678050205d56a760b430efc82a09

Download Submit
memory/528-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/528-8-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download