b29516fa8711c1c941b5f0f759d32524726ba7fec056a0661de649d16a011f35

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 10:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
Size

112KB
MD5

d1abcc8f626d678e2c60c26b138d569d
SHA1

4a64952a9b02dfded8b0858cf4e90fe9d87d6962
SHA256

b29516fa8711c1c941b5f0f759d32524726ba7fec056a0661de649d16a011f35
SHA512

32ee75e85fa65a359ef3b98869eb58bc229d40cdbb866e5e09c37c804e34fbc9a1e2a4103d6f74165033baa3aaa9fada6b8811f967548163bfbefd1b6b2f26ab
SSDEEP

3072:Sp6C7gJyCpctk7LDb0CXiVnHvU1eTJ0ZP:W658uctez0CXiVnHv6OJ05

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3036	elite.exe
1164	Elite-Assassins Elite-Cracker By Rocc.exe

Loads dropped DLL 4 IoCs

pid	Process
2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Elite-Assassins Elite-Cracker By Rocc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
1164	Elite-Assassins Elite-Cracker By Rocc.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3036	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	30
PID 2404 wrote to memory of 3036	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	30
PID 2404 wrote to memory of 3036	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	30
PID 2404 wrote to memory of 3036	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	30
PID 2404 wrote to memory of 1164	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	31
PID 2404 wrote to memory of 1164	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	31
PID 2404 wrote to memory of 1164	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	31
PID 2404 wrote to memory of 1164	2404	d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1abcc8f626d678e2c60c26b138d569d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\elite.exe
  "C:\Users\Admin\AppData\Local\Temp\elite.exe"
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Users\Admin\AppData\Local\Temp\Elite-Assassins Elite-Cracker By Rocc.exe
  "C:\Users\Admin\AppData\Local\Temp\Elite-Assassins Elite-Cracker By Rocc.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\elite.exe

Filesize
8KB

MD5
9fdd217cbcf290b558a3182e12977527

SHA1
11b0a0997779133a8f36c886c8b688c61dfe684d

SHA256
c692c0f6749399fb37428e9189cd52f28b28aa2f89f404f8ecfdfe023658014c

SHA512
7c4a8f7e3f9dae7e210e587246533ccf184f667f9bd96ad107a32c56616321a18c564271fb45d79b1fddb7da01d5a61da7f996f427ec7047c863f2ebc82359f3

Download Submit
\Users\Admin\AppData\Local\Temp\Elite-Assassins Elite-Cracker By Rocc.exe

Filesize
80KB

MD5
0531e13a4ee83b0794590ad5b73d8edf

SHA1
1b1b5305ea0901046fa73d7efb5e337f6aff4db9

SHA256
a17f6239b9dcf5bf85e97a843f7470031936c30e5e1f4698f6bc040e45c4cbf2

SHA512
fb51c7c17e7f16fb681f9d3ec2d9283a3683ddf48006d625b52c0144df556cfbfe5bd3e41120e4fd45a800144aecd9549d0fa1944421a219f43c6ef473210e01

Download Submit