2a17eaac08d2b298198c0864f26780fcb1856e62c496945004f65acd031365ea

General

Target

afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe
Size

1012KB
MD5

afc6c168d58cbd3ad224fd96ca077058
SHA1

8e9bc17a25c8a052f407c2e2282ad2068c2a4904
SHA256

2a17eaac08d2b298198c0864f26780fcb1856e62c496945004f65acd031365ea
SHA512

425597e63c50dad92c9cdcb5cb752c1f58ed79c6facfcba9a240393565f0798bbcc0d0ceacaf947c21ff06b34cb7ad8eef7d4902eef9475c04d6442224fd845d
SSDEEP

24576:Ww4OV2P++hd7EK3PMYYtkyBVOitwblfCJBg:WwpYOK3PMVtkySiK6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2304	afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1692	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1692	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\afc6c168d58cbd3ad224fd96ca077058_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ac 0x384
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CD4D3A5\bass.dll

Filesize
95KB

MD5
fedd2cea478da0d6d9d6799d4ec350af

SHA1
150a3e20173f84afad54652233f4fca9a545d9f5

SHA256
4e7b44ecfada6d59290b28ad5262a686e34ebf50ac859493c511bba18f38ad06

SHA512
123ef3d85fec64962db8bcef96116f240fad919c8dddb802d3ed78d34aea60c4ca518b620c89da1e7b4d85dcbcd6524a7bcf3924488a53376130152ab940c898

Download Submit
C:\Users\Admin\AppData\Local\Temp\CD4D3A5\seed.bmp

Filesize
1KB

MD5
927367fa6afc728d6cab2df0977f9f64

SHA1
19bd6cda458b3d6b4c1d9251aa00a0ea0a7066b1

SHA256
37091ce95a311d1e10b7d9365aadad37c90d1304d4f61a33df4f980ca718ba42

SHA512
ddc60542b3eca0b96fa5bc5c883c303638c1f4ce9d66d0d6c6c5c995c24a199da7b3ccdc5c5d82987ba7bc5b7e88eab28cd4568384be4fe201b3db749c344c6b

Download Submit
memory/2304-44-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-58-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-32-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/2304-35-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-33-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-34-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-47-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-36-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-39-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-38-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-41-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-40-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-42-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-43-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-61-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-12-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-37-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-46-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-48-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-49-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-51-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-50-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-53-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-52-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-54-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-55-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-57-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-56-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-59-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-45-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2304-60-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2304-0-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing