07e5b8c10bc10167c69dd75279489113b58e1b2a3ecdfd86dac2747ce9a00ad9

Analysis

max time kernel
115s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe
Size

271KB
MD5

ae9fcf40527616095cb7d4384efa30fd
SHA1

900253add06cef3e9e590dd1156e1f91cd52da61
SHA256

07e5b8c10bc10167c69dd75279489113b58e1b2a3ecdfd86dac2747ce9a00ad9
SHA512

f3e499c963c775cc637125ad271461402007062919ccf2bf0912306ea022b15a325e650f10b1ed8dfebea6e57bfc38cc6c64b14282c042866109f12aab63814e
SSDEEP

6144:flxMQnkXdukexqpL72mEv5HBP5BmtRu7rHrIGNSRRcFhRqq/x:flwtQUpL6TRvBmtRurIGNSRqlqq/x

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2544	ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe
2544	ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe
2544	ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2544	ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae9fcf40527616095cb7d4384efa30fd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu-09F0.dll

Filesize
249KB

MD5
b2ff615df5dc0ee7df0a8fc91af546e1

SHA1
972f266ff94365a3be690a82813654e61f205ece

SHA256
0972efe30eaa01a90145429a5c76e93a97b2152eef66ea344ef4031a7cf54d14

SHA512
fc656b64816013bec7ab6db802374fe9bdee1f9997febc04ff5f27ade7d2560c1c3dc03e9ee0898082dc83c4cbf3fb19e5f7835137cfc62443a037112fb1f31f

Download Submit
\Users\Admin\AppData\Local\Temp\{E23C9A60-CC70-6F5F-8DB4-845239DFB896}\_Setup.dll

Filesize
163KB

MD5
6c7e12d1196bd6169987052f44d45a03

SHA1
b54789fe96c9c8dba50182e978e15867f16349c1

SHA256
94e5560e05059314dd7a71a9ec85e3417b2877b769efa0d22a41056aab3151cf

SHA512
aa6f1466346bfb640beb5a5ed037b62df3c8b349e052cb16f311044326eced07d00497ea7c074d9a76196eb1165013be38ec8e6c863460151c9db00d6fda0f7a

Download Submit
\Users\Admin\AppData\Local\Temp\{E23C9A60-CC70-6F5F-8DB4-845239DFB896}\_Setupx.dll

Filesize
25KB

MD5
e0bc033ebd368936b8fb4be01d94d897

SHA1
d8c8a3b119e45b940ecb9923da4647a044c4d0ec

SHA256
6dca6d725304945bdf32423e4247f24a681764fe0be8295ab3abf3123e11a011

SHA512
5f9901208561e9c54f744f6d018b04d76e2093cd584fe4bd7e13f4d5e8d25c70c83f157898eec638d810f50a2d9fc75280b45e7b55908de6dc312e0b29e8b646

Download Submit