bf6310da13634ef8e565b73ff77ea68c4857d73f80b70d3f2bbfef4f8e5e1902

Analysis

max time kernel
116s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
Size

272KB
MD5

d3c9ca7730a5b0f3bb6834fc3c466962
SHA1

9c9b6e1ca894974086ad2320fec3a2ea108983b5
SHA256

bf6310da13634ef8e565b73ff77ea68c4857d73f80b70d3f2bbfef4f8e5e1902
SHA512

cb3764785dd07c7988c47df9a4f8fd3746c9b788c791383bd3c846a59a2adcc5fb4e446aadf2501aed943f36fd799edef20b9f66ec69fc86dae8eaa2dc69528b
SSDEEP

6144:lE2TUVXxexXry6MGdXOA6CFeC5M/+PEg+mQvXzuaV48qLQH2BfZ:lEuWX4BG6jewfBYlua7qMSfZ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2104	d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
2104	d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
2104	d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2104	d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3c9ca7730a5b0f3bb6834fc3c466962_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu-0838.dll

Filesize
249KB

MD5
adb647de203421001356defee6fa3dab

SHA1
393278ddf756d236be35779666066c544acc7458

SHA256
c96807e91b41cbf4db5d3a97cc68662df344912f310b738b045501ac2c9eb5fd

SHA512
62024663db7af728ada8f73772c30d9ac9ec3486f0b1cd04c918d3ef3aa09d696c3dc063611b7fb6b661b0acc875f1cbd0ec73f9caab4cbdae83f652f294e821

Download Submit
\Users\Admin\AppData\Local\Temp\{F7167ACC-F59F-7ACE-9825-BDBD2CF5583A}\_Setup.dll

Filesize
168KB

MD5
bf17bc5b7c4b940a31c4d7feea98fbd6

SHA1
cfea6595635240360b0a7b8041cbed7d4806f091

SHA256
1f98aeb02575736e244aa9ed5cebb5af67c34980f24b296297902d0c6fcb7c27

SHA512
07e273088326d175a80aa1dd04c58d570a84ab8856fd4dc44feb80f51815a01aa15b50abeaf29d059e237509b67d07261acbb86f1a9d0abc678dca53cb8b5ab6

Download Submit
\Users\Admin\AppData\Local\Temp\{F7167ACC-F59F-7ACE-9825-BDBD2CF5583A}\_Setupx.dll

Filesize
20KB

MD5
5f966bbfc6e827fd4ed9435fdc8866a6

SHA1
b5f99f68cfc8d3008e798ad5a99f4e11363a4940

SHA256
5ce25a530bfd1bcfccef1234ea152c34aaee40200c2bcde2a8e2a3d1268af913

SHA512
b543ce523e5cfa00c7663245100b1b72bce1319e4594d313cf6901f0306298d51054b6a4460ae6eefc8ae0c33e4fbb23a77a6338903e0bc68565ed5205995ce1

Download Submit