Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-09-2024 08:11

General

  • Target

    cf14c777ae104c2a2960d73b8d83cef4_JaffaCakes118.exe

  • Size

    785KB

  • MD5

    cf14c777ae104c2a2960d73b8d83cef4

  • SHA1

    a06daf1f55f63c226990e715e41dcc348b8b544a

  • SHA256

    24ea67b075b6abcc8b687ac9df1dfcbd34e5c2f357817f46415e229ec126c478

  • SHA512

    923fd4cafa8a20198c37d49798cbdc48b4f500092b26e59e9f7db49a0913f47076d3058751492848f8b4084250796a9287bf7c596a1ffd69cbac1922f1131211

  • SSDEEP

    24576:I7uahkRndwLNn71l0ZnpzW6OK3th77E62T+hRbDzrLZ:7HB6Bn7T0Nk6OAhManbD3F

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf14c777ae104c2a2960d73b8d83cef4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf14c777ae104c2a2960d73b8d83cef4_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\C937F821\_Setup.dll

    Filesize

    69KB

    MD5

    8d584b8c5561086c295ea5cf9389da70

    SHA1

    6807954ce9cbdc765447a00dfae9b982dd825ab5

    SHA256

    3f874c0e7ced9ae6f81d48221bccba4a0118bb2c8da757ccbeed6a9c465c68ea

    SHA512

    184e5f75d1dfa64eec6684c918e1ed96af9800c8ab3b67e5e3c8d61e4de4fb7a02972985ec661f69f69f7475e190da661495522ce7ee4fbc98f0945ee1072b8c

  • \Users\Admin\AppData\Local\Temp\Tsu-0ACC.dll

    Filesize

    245KB

    MD5

    b108889302e8b55cf9ccf20cd6410957

    SHA1

    0996e075524e6ff1b6cd6e1a8bcb37dfa6690b03

    SHA256

    14e326cf45273d252eedd569d271dace54ed6241719ff8fda006e46de768b200

    SHA512

    205e532b56fc00c5b41df67af1ca442f97991f18f4fc5af165f22962459995000af90df70d6aabf030b25c1a85ab45a06ceff59f329fb9d46965c07b81e2e5eb