2f379d9896a6b60f6bbcc52988bca32091222bdfec6bae3f00da1b2134369316

Analysis

max time kernel
140s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 19:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
Size

631KB
MD5

bf3e4e872fbc4d23412675dd528d0683
SHA1

15cd683817863ca88742309d83b43d0bff93889e
SHA256

2f379d9896a6b60f6bbcc52988bca32091222bdfec6bae3f00da1b2134369316
SHA512

d285e33c0fcdf8110471473a8d1dba663260b8b0ec78869ed7772d7678f04fc846970517a3550ed40d7d6cf21102749ce4e9d00287c9d8c3f23133435ba931f0
SSDEEP

12288:dfBbGsDT9LGrzWxB8nF1qTeuOuPtvafd8vndfplQlYw1FyboIBz:6ET9arUB20Tetu1qd8vJpKYw1MJ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
2244	bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf3e4e872fbc4d23412675dd528d0683_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_4\EThread.fne

Filesize
48KB

MD5
dea0f82bf5bd6031c47749f5dde40782

SHA1
36293ba7a762cce2363c8b8748d9bda29bd6ffd5

SHA256
59da32423590cd24a9191371aef40c9f9934a9a880f2fa2cda94343eda23bb4a

SHA512
dd7a0d25c46aa333eae630e796a20278345f5556af52a3e3f2f5e9f0bbea06ae4facfb8770f78f3877d59b1ef5597241864991eef0edcba05f92f1f3d4aee203

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\Exmlrpc.fne

Filesize
33KB

MD5
17dd164ab2888eff641728e6f8fd7f6e

SHA1
ef915f275557ba2a4c9c4aa23353a98fae2e7d6a

SHA256
5cfb78636812f902da98e7b261b8ebe637597f75a8469c97e94e5a0d980e72a4

SHA512
f4c8231f23f26b6250ad53a6c824e40f78a09ca589956404057ca675fb46d9086c7662ac2c18ed1435941e2d7f5507bb0766558cd217af8465df0c164dc1055a

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
370KB

MD5
2ecec3170756cb74b55380286b882627

SHA1
7295bbfb532f5b7521923e91098fd7e782f49b4a

SHA256
3f3671a19b316723f9293b4e409f6c536a0cfc0e6ceadf694786d96c4e374b88

SHA512
8204f0cb65336f0a0f76a5929348ea1057732ec29044771383759f8f058ec3a3e07ca6ad505694fc0c084e9e0eaf6def35d3edafe8dbac979cb9c59a4008bafc

Download Submit
memory/2244-19-0x0000000000230000-0x000000000023C000-memory.dmp

Filesize
48KB

Download
memory/2244-11-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/2244-15-0x00000000002D0000-0x00000000002F5000-memory.dmp

Filesize
148KB

Download
memory/2244-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2244-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2244-16-0x00000000002D0000-0x00000000002F5000-memory.dmp

Filesize
148KB

Download
memory/2244-9-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/2244-21-0x0000000010000000-0x000000001017F000-memory.dmp

Filesize
1.5MB

Download
memory/2244-22-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2244-23-0x00000000002D0000-0x00000000002F5000-memory.dmp

Filesize
148KB

Download
memory/2244-24-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download