7152a6647967eacc16202f42e14692081ea771265e9804f227f398526004c6fb

Analysis

max time kernel
140s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 02:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce71b637ab8217f25b5ce35ac845c30c_JaffaCakes118.exe
Size

30KB
MD5

ce71b637ab8217f25b5ce35ac845c30c
SHA1

2bdcadca354762d45e37c1182cb558d09aec948d
SHA256

7152a6647967eacc16202f42e14692081ea771265e9804f227f398526004c6fb
SHA512

ccb0eebcad964cca81020659b4768bb98e8ba223efe444f72589fae1a522b0c0d6086aad50ddce0ff1b4f76e26c7f1dd46ecc8cbd9cc534177d34183760b5be9
SSDEEP

768:szTVJIIvXccJa+uaXNB6WfAXmV06isA2L6oazWlKYJO3g:szTVvvFwe6YYmVysMzEqg

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x0000000000400000-0x0000000000418000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce71b637ab8217f25b5ce35ac845c30c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ce71b637ab8217f25b5ce35ac845c30c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ce71b637ab8217f25b5ce35ac845c30c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2428-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2428-1-0x0000000000240000-0x000000000024D000-memory.dmp

Filesize
52KB

Download
memory/2428-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2428-3-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2428-4-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2428-6-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download