475bba8c0dabbd35dd2341512a1e3024924c1bd3c8061b0978694cc0b5e5b077

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe
Size

258KB
MD5

b8a78a4cc410716a3e86dd6804a7a006
SHA1

d66f6650e35f9408f7308b5f29e68e0f6e857c50
SHA256

475bba8c0dabbd35dd2341512a1e3024924c1bd3c8061b0978694cc0b5e5b077
SHA512

b45a9ebde4ce522c1ad50e69605a0f7ec4094f66fb72897701f9af5c32f3aa9572ff312b1e85a493cd6fb5fa6c82d8fadfef6a3f47ec94c50084dc5f5cc48c63
SSDEEP

6144:K3xFQXwb+GtmvcRdlLKmRMnQ7GKkO0XgMWuQG/2CIYp1HQ:K3jb+GRdencGK0R5Ie1w

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2516	b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe
2516	b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe
2516	b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2516	b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b8a78a4cc410716a3e86dd6804a7a006_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\94A0B22F\_Setup.dll

Filesize
128KB

MD5
dfc2848fe57982dce76d1631f32df4eb

SHA1
bcf875356d3c0801fa344999300f0e63e19368d2

SHA256
f7d6de806111208fdfbda305a0aa6c356618d072868aef7089a8f2b106495ed6

SHA512
78be702857660f9828d27fe387d2afdb3530996c1541c28451c14a839405ff715d7810e3a24d6307166079dc2009a6dceadc44bead24fe478acb576712287c65

Download Submit
\Users\Admin\AppData\Local\Temp\94A0B22F\_Setupx.dll

Filesize
24KB

MD5
310c79744ada5c5e5ca4afa5c884c505

SHA1
bc9ce858290b9a8c53905473e352d2ada279d4e2

SHA256
4777f060dbb455c1923c4b93c9d646e670f9bc717d348230b0ddcf6bc440802a

SHA512
7eb860829c02614c6e9c031049bf0c0312433042a4b5476a23bd2cdbd4d810690e25bc2305672d644caf8450f699eebc6109c4ebbaf0cd78b83183bc8fd600f7

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-09D4.dll

Filesize
249KB

MD5
c147e4237b78ecd1804e8ed89aec3c5c

SHA1
74f7a58bc08794ec138205b18640ef487cea2d5d

SHA256
e0798d55f6f58944c03c739416b80794fc7b896a58f360d56ce40c84634c8511

SHA512
02f8730a8169f6029e80e5d79c1656e3d73838cde16ee137d7b764f5c725e8888f4ea81023c97e036b4fc262c679efe1fef66290e9028b631ca5b73efa4561a0

Download Submit