7d526af590b29afd1733b6974e89086a875eb18b760acadbcc7f8060d599bc74

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe
Size

1.4MB
MD5

b81ac132354b72d74db608226565c8eb
SHA1

57c74d8fc7245810b4989199f040a233fe91752e
SHA256

7d526af590b29afd1733b6974e89086a875eb18b760acadbcc7f8060d599bc74
SHA512

92b5857a2e2dbaa587824813ab32fa72d18212bb55cd6245ab1b5b189582201c746e98fe4adf2332f9150a76c991751a66b2ea1f59dcd9a2607a5a50b6366e06
SSDEEP

24576:8YtwvpnlgSN0h8BrRFTgLvOmFBAHNYiqFOpWT+yht3pz:8YqGSNRSG1tF236yht3p

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2132	b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2132	b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b81ac132354b72d74db608226565c8eb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b81ac132354b72d74db608226565c8eb_JaffaCakes118.dat

Filesize
50KB

MD5
28f37d2a79ca28e003e467ccb0df6d34

SHA1
a50f731c500c08c22f6faf45b92a121ab53268b7

SHA256
86aea6dba27eb85e5ac9d1d949af049e63f884f9ebfa8b1bf7c9b5bb3a7e0d8b

SHA512
dcbcfc9d60c99c73972fbabd708ba6f4c8017593b49056f82d679adcfe80e57c4c64a31cb133eca31738f0e391d8f608771e494ee8e3dc527adac480ba59ff58

Download Submit
memory/2132-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2132-4-0x00000000005A0000-0x00000000005B1000-memory.dmp

Filesize
68KB

Download
memory/2132-7-0x00000000005A0000-0x00000000005B1000-memory.dmp

Filesize
68KB

Download
memory/2132-6-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download