aa63d723e0fde39bd468725d9ab31e22fded6f389399dc31f1ccf8bf87bee110

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe
Size

15.5MB
MD5

c7a10c92e93cb847bac8537977071600
SHA1

5b5a206bef5d16c7b3542be809cf7b5ec2b18067
SHA256

aa63d723e0fde39bd468725d9ab31e22fded6f389399dc31f1ccf8bf87bee110
SHA512

205a14d9b8f1b3cb336337cc783e3416700a781806971aef9d6aec804f054cdf32880fde402f0631b8ee3019320d76d8a05fc7f8068c5402ed0c3e4fe3b25abf
SSDEEP

393216:A+r+bygmIDk8Ed+D+U6IfWgflcNTTBu+9C6ubw4WOzC7vR+pR:A+r++RIDk7DrIfWQlUMbwAq8R

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2052	c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe
2052	c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe
2052	c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2052	c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c7a10c92e93cb847bac8537977071600_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstC831.tmp\ioSpecial.ini

Filesize
732B

MD5
3339f0ad6712ac4a128d3d80d48f1377

SHA1
71119a68dc70d745899ffe2ef201e2202c90c337

SHA256
8314ed3787af190a3843ec69079b75ba678db809daadbb85db08fc1a73ff6df9

SHA512
2c0c232ee581663911a233cef2c3bf729942f8f5571f31939b4daa93d6c2e82ac0f61182c2246a07e3d89d8fb30e1dd45bcb4ea450871e6d7f9216deea48d1ce

Download Submit
\Users\Admin\AppData\Local\Temp\nstC831.tmp\InstallOptions.dll

Filesize
14KB

MD5
046074d285897c008499f7f3ad5be114

SHA1
159040d616a056ee3498ec86debab58ef5036a55

SHA256
254c5ccbce59ad882f7f51d0bf760cabde8c88c5af84e13cc8ad77ba0361055c

SHA512
ab7436fda44e340dd5909ddec809c6b569a90d888529ef9320375e1aae7af85afcab8c1c1618551d3fe8d6ae727f7dca97aa8781b5555da759d501d2ccd749e1

Download Submit
\Users\Admin\AppData\Local\Temp\nstC831.tmp\System.dll

Filesize
10KB

MD5
0ff5120f1afd0f295c2baa0f7192d3f8

SHA1
bde842d5d11005dcb4ff1d4ea97da31865477697

SHA256
4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721

SHA512
e049ffd7aace8d136eee007ee4f8dbc2ae8f3dce79d1c633d9654392240f8215787df8a6d08085257db51f28ff2a8023a13333dda3ea7f9bdc8b9c57b605f0a0

Download Submit