dc1dbe7c9157a2982b2681250c7b1318500a0ffb61c833a03656b3ef4ebcf6f0

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
Size

250KB
MD5

d605ed2ad5cd3262bebc7d4e37d2fdbb
SHA1

c74a0ebc567319d4a716040a2ac0571865cab53e
SHA256

dc1dbe7c9157a2982b2681250c7b1318500a0ffb61c833a03656b3ef4ebcf6f0
SHA512

3dacdca655003b27548eb43da98acb78ea149fc63f728cff92d8180ae54f213e3ed938f5c936f45f40a5f508de896e9032e24da72172820588fb5b2baa4abaf2
SSDEEP

6144:sST7vS15CFJDv+CzqxXmbBrTqjEZA0t86IVAQklAiY/hZL3:sS328TPJqWPvIVLSAzbj

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2436	d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
2436	d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
2436	d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2436	d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d605ed2ad5cd3262bebc7d4e37d2fdbb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\7E07E265\_Setup.dll

Filesize
121KB

MD5
e8025a0b0267729dc9edeaee0a087edf

SHA1
9406e1998f5a78aa15614d6098f9d1a5c3b1fe82

SHA256
e7f2e868787381b63ddb5888f1d47a2a2b05934483ff656f9e79be5fc5d43c8f

SHA512
a20f3fa066d7baadfd10c2247f1727ef2d01b6bd78a8c3f22ba2fe26745ea0aedd28576bf80e90c41fe2b030be43e2fd0f3cf74d438eb67269775aa231662a99

Download Submit
\Users\Admin\AppData\Local\Temp\7E07E265\_Setupx.dll

Filesize
21KB

MD5
1e0ff78cc033cd0c24c6910fc66c796b

SHA1
8f88bb67a4ca3cfed40a0919dbe28558a3f026e2

SHA256
ed01ebf124a381cb6817e27c8ffed0f2866ebffe45d130ef89a69858895e10f2

SHA512
0219b1e6bd43a5b5e8749eb47fa702874d45efb03471d96f7d7935bdd6aafd28574bfe236766669315879453431064b92917a14f4042001e2257d159d7c841a7

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-0984.dll

Filesize
248KB

MD5
961bab6d3b9d50e12b40f724943b5c0d

SHA1
90cd69057be30e44f77fe5c2e0bd38f42886a1b3

SHA256
d1c6caca7e52bc4228e5177ebe8d1a4133f8ccde9db5bab882512c1b74add18d

SHA512
bde1a35be017a07f06ee3b40de48aaa557b2274a53f0fdda392c5d874f9fc0dcce98b589e5be62be072ef2f6ceda92c8f072d11c3b18d888285c517d9c3c8f9e

Download Submit