f5a7d0c5a6a6e106ab44c276fe00a9f3fefde65de49fd3eb0324dcb7dd4186b1

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe
Size

257KB
MD5

a9c927e097359e1444c55d3d8a799b1c
SHA1

cdc1129d397e5878183aa3a6b7164db3e04eeeb5
SHA256

f5a7d0c5a6a6e106ab44c276fe00a9f3fefde65de49fd3eb0324dcb7dd4186b1
SHA512

0f750200640e935e7ecd53e45332ab147db2e8c921736922d50afe639ed76a0e64fe851abf39de58be56e1aae767ef9bb557e73e73561d4d2f554a4ab707e41c
SSDEEP

6144:23tBVgceTKJr7IDmVONuAgH+8RdtYL9o2b1ZC4wfHINUwBfdpkd1y:23tDgceZDmVOkHRYL9o2bG4wfHeUwBfp

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2332	a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe
2332	a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe
2332	a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2332	a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a9c927e097359e1444c55d3d8a799b1c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\5CD2C908\_Setup.dll

Filesize
130KB

MD5
4b254e3e77b750870d2778c9a6bde57c

SHA1
5efada7199a94d7db83f8899b8b3ac6760b220ef

SHA256
71d4a234ff22d9b4e6b682440970a61d018625d82e63a31351f4520245e826bb

SHA512
229f37e63d987cbd503ad03487727e592d0872759fb8ff9e77175bd56fa36afb006e62c69219241bc6a6b63153c377046cad314614afed7c036eac693a786e82

Download Submit
\Users\Admin\AppData\Local\Temp\5CD2C908\_Setupx.dll

Filesize
22KB

MD5
56640a54d5c551889c234b4094a06f89

SHA1
3087f00d056ada8055015f832832a0b6b82225ac

SHA256
dad8a62f875bdbe0d0da8dc65c8e13e6d14fc6a3fe293230382e1acf629bed25

SHA512
d521bd45a04506dfe269e2ab6c47d4a1dcdb037be4e20750af2aaa52715cf750df20b9ce67a99efb26169362c4dff03921cf7c70e70e86352e552849570ac192

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-091C.dll

Filesize
249KB

MD5
c147e4237b78ecd1804e8ed89aec3c5c

SHA1
74f7a58bc08794ec138205b18640ef487cea2d5d

SHA256
e0798d55f6f58944c03c739416b80794fc7b896a58f360d56ce40c84634c8511

SHA512
02f8730a8169f6029e80e5d79c1656e3d73838cde16ee137d7b764f5c725e8888f4ea81023c97e036b4fc262c679efe1fef66290e9028b631ca5b73efa4561a0

Download Submit