a7204a74f65e4c5f47d111510ae6cbb132f02858d922d2aab85c08d74cc67a78

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe
Size

683KB
MD5

d260b3831d3d9d3c14e206d50b5faaa3
SHA1

390529335f629d6d723747ebaf8fbed1c7a84f0c
SHA256

a7204a74f65e4c5f47d111510ae6cbb132f02858d922d2aab85c08d74cc67a78
SHA512

76887a4b56eb90864863675c6a0e8f2898169ec9983f24f733fdfbe9f9cef9bce9a96a83a6e62d1d9f58bef8cd06d9c3e88294d9074ed33f2d8cd8c51ee27601
SSDEEP

12288:Cn3NTTloFoycVCm2AxqAVM4ZBoKgXOEpjZV1JkL+ERXXYNeOQKy81B4z:m3NTquFVQA0Af3g+EpZVrklRHKetK91s

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2772	jp2lt.exe

Loads dropped DLL 2 IoCs

pid	Process
2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe
2772	jp2lt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jp2lt.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2772	jp2lt.exe
2772	jp2lt.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30
PID 2724 wrote to memory of 2772	2724	d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\jp2lt.exe" -litename "d260b3831d3d9d3c14e206d50b5faaa3_JaffaCakes118"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\Default.spk

Filesize
109KB

MD5
d234d4e66c8df098a5dc3934cc0cc71b

SHA1
3bfcca74cf4ce1d30c900a2a46a8be49a8e48911

SHA256
e8d03fa7ae11afcdd020e17141438605c3f7e4cb855ad82c744416917e0b0fae

SHA512
d78504f360752ab2cc29ffce796566e1b607f65f98f147862df3908a0bf2287198650cdb665c6c3e3559e0f659370af9b4cc5df81e63dd845ee0235b7bb7dd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\Jp2lt.exe

Filesize
733KB

MD5
b05c9d19de9acf53b551882b1f6ace9b

SHA1
a01c58d0fc306ee3fe5ae638d5fc0475478a7e82

SHA256
9565c0dfa6408edc3c8d0e5952446f72e405d71df2a4ba45c0b99c9a6bcb6700

SHA512
54f0cf6886f8bf86520b06efc3a70f702dfd3fb04361f3c39705db7354285ccd8ae637d3aa2b6b5ec875a944ff0c7d24028621453afee9f408e2536e1db77cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\Media.dll

Filesize
173KB

MD5
b29cde18fae164f672e8bfcea5de37c7

SHA1
e1439a0a64d98ed038dc2999c881238c38917404

SHA256
09cf4b6bec3a1891b60156aef51fef4c831b3c37db6cea8381bb1c60128c81fa

SHA512
6548ea2759c565abc2093315899aaf87724daebba1949b778e9ab6507db835b1def5068dee2c20f6da5228989d025349138cef3bf7084f33ad146a1e11f6c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\Puzzles\antiwrinkleproducts.pzl

Filesize
9KB

MD5
0921906f9e40d31dab81e13b0d8231f1

SHA1
54868ba90afb5750b649a64b09dca66b96a563c6

SHA256
7533cb95495b23288e38e7c2c0822b5f1ba4c21fdada3e6412bc669b392ecc76

SHA512
be509d27f784f114ab457ce7eba4ca201f31d90727526edae5931c099f861e7e56d8e5d2c5b3e424c4c7d221af7e25161759799f8b1375dc0dc4fc1de7d9dcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\english.lng

Filesize
17KB

MD5
5354dba4dab261ecba05b7b3b2ee1d13

SHA1
b227ebace8c2a02e50c5cddbb5589928062a33f1

SHA256
3aa42234872afe5b3861bc4929bcd58146f507c45a338eff3073db534907889a

SHA512
16089a0f4e22107330e96638481f06c9065d0fb70df016b288950185d368b8f72f216e7ac4603159d72a7035ef456c1ae5bba3e555a528a88baa989fb0a4e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\index.ini

Filesize
86B

MD5
735702f2f12073fcbb4857387fe37586

SHA1
94075282985fcd4ce5a15105b8ac9eef6023ba9f

SHA256
7f8a12c4ff4ed9c991534bd5e71b042b272adbbbeffbe9a0179f5c7f5ff47026

SHA512
589f471ad071f8d8f7e6b965895f83fd8fa87ef6a0752ebb72397fc13445e90ec2128eb371796c68119188d7302d0308cdb7677dce1539e4de18d0be0b4a2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\log.txt

Filesize
4KB

MD5
d2ea04c0c9499927e1109397c536d226

SHA1
3bfc35056dd053b52fc27b54e0faf26ac385658a

SHA256
e64794436e8e3213ee664a08d816078c0387bacb329a5de6ca3752a98ec76ace

SHA512
04f3515d639e61bcb8080e49fb6bae0e2a885926563140cc81f942ad342a0726173f24bd87bea6c553a6457e386b10542fc303e0a20520bb08ed9cfa3d0edb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll7E15.tmp\log.txt

Filesize
2KB

MD5
f255abdfa0152435cd42a81a4a095253

SHA1
d746ecb8eb8c318d8d70e15a7b4b949f0df0dc72

SHA256
ea41550b46a63fed2292c5b0952159903d227daa88eff0eb6173c10771d5bed2

SHA512
606dca694ee5731e279ddc6e5139a9f7bcffad44921d5ecb999bfa1b5fdf3c27cdc51075dfe66e478611916f1425b970d6d31575ff00f291cbb398d3abd67dad

Download Submit