81757c83a3b7210fcaafd614cdae56550344d3fa8df3ea6471402e76384ad875

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 21:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d71848c826a364d18589477edc042d2d_JaffaCakes118.exe
Size

982KB
MD5

d71848c826a364d18589477edc042d2d
SHA1

5525bd7875ec71ffd7fad73041e43a49b4ecfce0
SHA256

81757c83a3b7210fcaafd614cdae56550344d3fa8df3ea6471402e76384ad875
SHA512

f007960b18aa5788e6cf3ca9e95e6a5e1d224eeff639f830952c0dbcbe8063f04b8be510e6d47059a014ba31b321bc1f7a318a60870e84b42708c70fe8a8c928
SSDEEP

24576:HvLrJhF2S2eIsfDMwiZvpuUDz4QmXJWlqw:jnFgGbi3lmZRw

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
304	1.exe
480	1.exe

Loads dropped DLL 4 IoCs

pid	Process
2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe
2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe
2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe
2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 304	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	30
PID 2400 wrote to memory of 304	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	30
PID 2400 wrote to memory of 304	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	30
PID 2400 wrote to memory of 304	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	30
PID 2400 wrote to memory of 480	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	31
PID 2400 wrote to memory of 480	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	31
PID 2400 wrote to memory of 480	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	31
PID 2400 wrote to memory of 480	2400	d71848c826a364d18589477edc042d2d_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\d71848c826a364d18589477edc042d2d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d71848c826a364d18589477edc042d2d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe
  2⤵
  - Executes dropped EXE
  PID:480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.exe

Filesize
712KB

MD5
07c1c3097340016ca94a41162c5eff7f

SHA1
1411ab759796f124659fe36beed8f4762eeb68ea

SHA256
d9914b9ef3f4aa12b6f7b056d42cc106e60fb08e0599764c006d1b6b7d2b102c

SHA512
f630a7cdb347c91a00f30cb97911f155d3e677934b29d50c1bafeb26f046321a5da3f4c7112a491b0b806939fb3c49889720646c218e90c4a48584ba6fdbabf1

Download Submit
memory/2400-0-0x0000000001000000-0x000000000119F000-memory.dmp

Filesize
1.6MB

Download
memory/2400-1-0x0000000000240000-0x0000000000294000-memory.dmp

Filesize
336KB

Download
memory/2400-14-0x0000000001000000-0x000000000119F000-memory.dmp

Filesize
1.6MB

Download
memory/2400-13-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-12-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-36-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/2400-65-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-64-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-63-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-62-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-61-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-60-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-59-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-58-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-57-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-56-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-55-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-54-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-53-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-52-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-51-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-50-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-49-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-48-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-47-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-46-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-45-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-44-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-43-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-42-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-41-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-40-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-39-0x0000000000D80000-0x0000000000D81000-memory.dmp

Filesize
4KB

Download
memory/2400-38-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2400-37-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/2400-35-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/2400-34-0x0000000000D70000-0x0000000000D71000-memory.dmp

Filesize
4KB

Download
memory/2400-33-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-32-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/2400-31-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/2400-30-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/2400-29-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/2400-28-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/2400-27-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2400-26-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/2400-25-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2400-24-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/2400-23-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-22-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-21-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-20-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-19-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-18-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-17-0x0000000000240000-0x0000000000294000-memory.dmp

Filesize
336KB

Download
memory/2400-16-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-15-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-11-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2400-10-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-9-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2400-8-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2400-7-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2400-6-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2400-5-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2400-4-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2400-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2400-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2400-70-0x00000000031F0000-0x00000000032B9000-memory.dmp

Filesize
804KB

Download
memory/2400-75-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/2400-84-0x00000000031F0000-0x00000000032B9000-memory.dmp

Filesize
804KB

Download
memory/2400-90-0x0000000000240000-0x0000000000294000-memory.dmp

Filesize
336KB

Download
memory/2400-89-0x0000000001000000-0x000000000119F000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads