12bfc265a2057936ef92c033cb34dbdd9dc549f1a3d62e26482e4f820f9856e9

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
Size

320KB
MD5

bfb897e762d738b0682c3be4421a0d4f
SHA1

91359dfd89f4860de5fef77e69afc1d8d231fafc
SHA256

12bfc265a2057936ef92c033cb34dbdd9dc549f1a3d62e26482e4f820f9856e9
SHA512

e0a9d711a31ba4a55ce37923f5ea1b03267921c0526e269cc5dc41d24db1845d49bb06b64549ee2300d4da656661a7e9f11b228eeb9ca22443ce2cd236283cf9
SSDEEP

6144:1sguKsY/EexnbTvWROVAFyQHMwJFCWjAbdpg6dd9exEaA:z/EsvWAmFZs6IWUxpqxA

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
2904	bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bfb897e762d738b0682c3be4421a0d4f_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mm_909D.tmp\log.txt

Filesize
536B

MD5
7966e738826b1524869696f6a80b5bf5

SHA1
bda9bc081229393f578148530fb0b78e6d285729

SHA256
cd0651ad704ce1ed37019b7fcd0a88cb0a8b6a6ea322403f3fff9a9bb030e024

SHA512
0f18237f56ac588c5c272f1b008da25dc8775f77dd9eddaab0189035a4ac55ca4daaccbbb0ec96b515a93ccad53bfb8dc22356861f1aed452f7c1d26076f9c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_909D.tmp\log.txt

Filesize
758B

MD5
bc0035333770f7bba23a4adca3f4331b

SHA1
09832e65d3d08aefcb96716178423c017a07972e

SHA256
df7d67d8d39be4918c2ceeabdb50e7f6ed5b39154d5397134af76a10344d99a1

SHA512
5cb4186094739d72379f6fcc53307d4fc2d079fcf8423904defa3469b466415d067cc023afb5a8532c0d609734b2bd68cbc568d7612b297f01c1841e12221772

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_909D.tmp\log.txt

Filesize
1KB

MD5
90c4cf8b7e692f62b29a8b20a6d7bf86

SHA1
4506c4e858e347fc00bf15e9447e5f39f87e3391

SHA256
0d99f8263d5ad5639572f69d4d0632d1bbc940d39f9001011075d9e468544f95

SHA512
0d5effc3e0c3a6c1f131982bef69d7168aa1f56789283ae83f8cacaa54aefe5795dd3f79865059e054eb2c46f07e6a4031665a5a4abe4809ef4be490fa73da1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_909D.tmp\log.txt

Filesize
1KB

MD5
594edce63962134eb1aaf4e65d3e7b2e

SHA1
90a489c4a422920f2f39513dd1cc331235bc283c

SHA256
914b96140c80fe35168fb4b4da319eb2d79e0f3996c15de0c85ce1e489a6370b

SHA512
e62e9ac3bbff115a507614e515e41e94590230f2211d3d4d2f803da8dfd6bce76ae9e3663ebce05a862fadcd942efe361af890da34b8ecc3699e1c6573853868

Download Submit
memory/2904-22-0x000000007EFA0000-0x000000007EFA6000-memory.dmp

Filesize
24KB

Download
memory/2904-32-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-1-0x000000007EFA0000-0x000000007EFA6000-memory.dmp

Filesize
24KB

Download
memory/2904-5-0x000000007EF70000-0x000000007EF71000-memory.dmp

Filesize
4KB

Download
memory/2904-0-0x000000007EFA0000-0x000000007EFA6000-memory.dmp

Filesize
24KB

Download
memory/2904-6-0x000000007EF90000-0x000000007EF98000-memory.dmp

Filesize
32KB

Download
memory/2904-29-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-4-0x000000007EF80000-0x000000007EF81000-memory.dmp

Filesize
4KB

Download
memory/2904-34-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-41-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-7-0x000000007EF60000-0x000000007EF61000-memory.dmp

Filesize
4KB

Download
memory/2904-44-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-8-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-62-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/2904-63-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download