0eccc6053a483361e97971ed444d142701b4b55fa367545f9f8bee6fb6b02069

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
Size

1.2MB
MD5

c85508a5fb3df2485a261b8065f3eaff
SHA1

14a395717348e96d023789d159fe7bc31fd76b6f
SHA256

0eccc6053a483361e97971ed444d142701b4b55fa367545f9f8bee6fb6b02069
SHA512

5ce8957f5df41264f7a457be808035f2d3883c8c631cec606619a614a4a772b1d7d70584caba93d5a6d45dfd0c2cd4080ae2f432124fff71a553d2be3751b77f
SSDEEP

6144:Qe34jW7Mq1zQbe9DP3lpr4jAxLY6MhEVagKx:WUzQcbRx9TVPu

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x005100000000f5ab-17.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x005100000000f5ab-17.dat	upx
behavioral1/memory/2072-19-0x00000000004D0000-0x00000000004E2000-memory.dmp	upx
behavioral1/memory/2072-37-0x00000000004D0000-0x00000000004E2000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2072	c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c85508a5fb3df2485a261b8065f3eaff_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj13A.tmp\LangDLL.dll

Filesize
5KB

MD5
9384f4007c492d4fa040924f31c00166

SHA1
aba37faef30d7c445584c688a0b5638f5db31c7b

SHA256
60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

SHA512
68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

Download Submit
\Users\Admin\AppData\Local\Temp\nsj13A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj13A.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\nsj13A.tmp\nsRandom.dll

Filesize
21KB

MD5
ab467b8dfaa660a0f0e5b26e28af5735

SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d

SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

Download Submit
memory/2072-19-0x00000000004D0000-0x00000000004E2000-memory.dmp

Filesize
72KB

Download
memory/2072-37-0x00000000004D0000-0x00000000004E2000-memory.dmp

Filesize
72KB

Download