6b28d414e40967e1a7738a9cbc864cfff95f59da0d477b333a78b90502a69058

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 22:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe
Size

1.6MB
MD5

acd30dbe0164a548baa11c7bc0f8fc03
SHA1

de888f857b0d893627fb5b8fc2efdc250b804c8d
SHA256

6b28d414e40967e1a7738a9cbc864cfff95f59da0d477b333a78b90502a69058
SHA512

7b2a515c1d777c9dd5a6d1d9e4f2f8120a87c933c243ba763880069ae410a11365e019c7e7d7ccd3be95681eb80ee6ea1f4e8ae6b40711df6b1d2cf96aa4237f
SSDEEP

49152:w/HMJh2aFdmUS3MyS4YpGf7CZV2UW2i+vwXQY:AHUp4eySsG7gXQY

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2432	acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe
2432	acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\acd30dbe0164a548baa11c7bc0f8fc03_JaffaCakes118.exe"
1⤵
- Checks BIOS information in registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2432-0-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-1-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-7-0x0000000000401000-0x0000000000477000-memory.dmp

Filesize
472KB

Download
memory/2432-6-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-4-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-3-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-2-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2432-8-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download