d781aa35264c8172ee1b87d3788fe32bc730497fe4161783b1b2ac7061449023

Analysis

max time kernel
101s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
Size

4.4MB
MD5

bf9319950cad3d159d653f10a2c32e62
SHA1

fe2ddf5ab88bd249e76cb08fc0ebd636a89737fd
SHA256

d781aa35264c8172ee1b87d3788fe32bc730497fe4161783b1b2ac7061449023
SHA512

65ac027e62e6274f11d523674a7f2978a0dd64f11157c4774a9b8f1a9deceb51407949ee1f32159d523cf1bc7501e8be3a5bbd6ca236ff15cf885aeb9547e073
SSDEEP

98304:QVNIeWAlaaZUd6THT3fe3fvkQpVvMO4h77jCNg2EupJEzvuS0huOHo587b:QVNWMaaU6PvkPkDvjCNg2rQG1FHo5eb

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
900	bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf9319950cad3d159d653f10a2c32e62_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nseA066.tmp\ioSpecial.ini

Filesize
764B

MD5
a16446e0c4307571f5406f867cbf9a89

SHA1
62f3620902185191e1601cdb87885888dc70aff0

SHA256
7ea8e2a4f5efdf65d742f26b1c7a168eb4d5f98da998770c8785e6d88014578e

SHA512
0d1257cb2e17334e3a74f8c4db1b347f72d38eb92e892c4a79127f680399843b1f6c7d4a1f0ded41639db9e09914a32ea6d2d4c1018c6d1f3e25d2ef0995db99

Download Submit
\Users\Admin\AppData\Local\Temp\nseA066.tmp\ButtonLinker.dll

Filesize
7KB

MD5
dd85ac7d85c92dd0e3cc17dfd4890f54

SHA1
a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

SHA256
27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

SHA512
e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

Download Submit
\Users\Admin\AppData\Local\Temp\nseA066.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
\Users\Admin\AppData\Local\Temp\nseA066.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
\Users\Admin\AppData\Local\Temp\nseA066.tmp\InstallOptions.dll

Filesize
14KB

MD5
06bef96b91bfa75b7f7817341a6cd597

SHA1
48a40368fc339ccea1dfda06d2e02bca7d7265c1

SHA256
2ca5590c85cc31285b83bbe569755d909d91b559db2d6ce3bca2fcc075225364

SHA512
5364d0944b4be215fb5d8bb8398e965ff6fa3190a962dd6c491984482321756017f89c2242d77ebcce6666c31fe54a956f2eb3a03a95d64121a1db462ad20a0d

Download Submit
\Users\Admin\AppData\Local\Temp\nseA066.tmp\System.dll

Filesize
10KB

MD5
7e3c808299aa2c405dffa864471ddb7f

SHA1
b5de7804dd35ed7afd0c3b59d866f1a0749495e0

SHA256
91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

SHA512
599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

Download Submit
memory/900-4-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/900-144-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download