591b122d23efa14a58a4f729deeb185b6b689c6ef527ba0fec7ea884f1f1dbeb

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe
Size

1.0MB
MD5

b0d00313c972ce99ea0742e243d76f05
SHA1

73b4e82555df00b257d7130405edee9dce1c820a
SHA256

591b122d23efa14a58a4f729deeb185b6b689c6ef527ba0fec7ea884f1f1dbeb
SHA512

07ff6373e9dff24329cd7984a58aa55bda179eaf53d71a49da9a715c0b7b4578a9330ce343843afff248337fa8043133bfca49823b8f7b4303320c33ed91136e
SSDEEP

24576:S4Z0Noh24Z+NL3+IYsa4LlLlrjtOzQ8f1PBCafLrujSDXL5u8:mN4Z+NL3+Wa4RJrjtOzQ8f1P4mVJ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1996	b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe
1996	b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe
1996	b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b0d00313c972ce99ea0742e243d76f05_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\GLC1FFF.tmp

Filesize
162KB

MD5
5758cb6e80bee4cda2944baa83c9701c

SHA1
b853b60e7a1cd0f8f4915444b8a3a7791ead5baf

SHA256
bb302cb17ec1abf9e78b97cf88cda4651ab754b073897966b3550bda6e044964

SHA512
92829e74d4a385c228c54c68fbe4a64fc55c0a128032aad69cf1a01e613d45958c72a190c45e9faf161278cf1df85c886734e76f1ba97a7ea84bd3fd4680e449

Download Submit
\Users\Admin\AppData\Local\Temp\GLF2BE6.tmp

Filesize
9KB

MD5
c076a7ecbb81fcaa384d8b2835da97ff

SHA1
ebc1200cd9ff02e7d74104ed724e8a34af55580c

SHA256
0dc33c87623e0ab1049a3ae27e73ad915b1e4719d15eb229920598d4dcaf46fc

SHA512
33ee44d3c22f0cbaf5f19bff0b453e05146989dd415081a6e78ee708734b63fdbe5d3cc076c8b32165c90f85f8516b8af24dbc8a0988e0bcc68f6e0ab1749d5c

Download Submit
\Users\Admin\AppData\Local\Temp\GLK203E.tmp

Filesize
36KB

MD5
23d1c6dc9339e19694537efd55d96324

SHA1
828afd6c518705e980748c3441deedb09c53d428

SHA256
1c68833e01b6ea8e03a0dc6038739aa5c78f016784a47782780ea17a92852b34

SHA512
954a1306df90d600a080c7a0317d62fb4743cd138ec5b9fa252d13ef4d23b015ab2d9611fcd7f2e41b1a33c39b7e78f89d2637337417cfb537ad7d3e94a4a049

Download Submit