ecd14fab43167f361a768d2901fd9133e51075d34443d9d582e659265b2dcfc9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Size

250KB
MD5

d1e0bbbb2750ee1dcb90d34b5a6d2d0d
SHA1

99d328cafda805b6f2293b492b6de91ff0b65f4b
SHA256

ecd14fab43167f361a768d2901fd9133e51075d34443d9d582e659265b2dcfc9
SHA512

c414ef69a7ef5ac3c9869783e6b2bfc79235b27a515cf1c0ad8a713121910f3c87fd864e6e7b7513f5a0307e1c2588bac3a845f91c6de35fae80117552e4c4b1
SSDEEP

6144:xo2VFKYmEsSB7LakJfhl2tGJtN756BmEPlgj8mQLEA+heAUmY4:xo2b9nxHfn2tetN70mE9gj8mTem

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2076	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DCC550B-68C7-11D1-B2E4-0060975B8649}\Version\ = "1.0"	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DCC550B-68C7-11D1-B2E4-0060975B8649}\ = "{F3A9BA6F-2242-8898-E2AB-54106A075953}"	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DCC550B-68C7-11D1-B2E4-0060975B8649}\ = "{F3A9BA6F-2242-8898-63F5-CF5A6506938B}"	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DCC550B-68C7-11D1-B2E4-0060975B8649}	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DCC550B-68C7-11D1-B2E4-0060975B8649}\Version	d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1e0bbbb2750ee1dcb90d34b5a6d2d0d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ArmC15C.tmp

Filesize
84KB

MD5
81289ead9b832b5a3a4dda8f13220e6e

SHA1
bca0e0ac6cfedfa716012dc5be5437a917adf2d2

SHA256
34dfb78f0588c45b5a466db3a73d69e3e0838263a0301e5246b014e3afb72a35

SHA512
95267286730e132fe031443a2b36317ec03aca6c5003e7c3c7a359577d5e1da92faa6723e86be649a3c4c59d79534d926829f22511f38aa9dfce4a73f9161bd2

Download Submit