2d572ee3ee4f57181fa4713c570b2beb869ea757032b8ea556d3b5896d440b2c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
Size

261KB
MD5

d9ef2bd235d097da52ff3fc45f923e76
SHA1

9eb22fd4e0bf0add57eb46741784eab44f072bb4
SHA256

2d572ee3ee4f57181fa4713c570b2beb869ea757032b8ea556d3b5896d440b2c
SHA512

3c4c556e3c2562cfe43108227d3f5bc551bf1406a951734c18e0cace04884a9e797abde7461a9ae7f11ea5c22fcad8e9bd50c9f38acdf957f57fde6399ca2b76
SSDEEP

6144:bHcYBEu6MZTc/fTrN5EIBn3QTuV3Esh1/dloi+:ZmuzajBn3bVHn/dlO

Score

5^/10

discovery

Malware Config

Signatures

Drops autorun.inf file 1 TTPs 4 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	\??\c:\AutoRun.inf	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
File created	\??\c:\AutoRun.inf	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
File created	F:\AutoRun.inf	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
File opened for modification	F:\AutoRun.inf	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cmdial.exe	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\of.ico	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d9ef2bd235d097da52ff3fc45f923e76_JaffaCakes118.exe"
1⤵
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AutoRun.inf

Filesize
73B

MD5
09246caf397bbdb713cfe50adec39010

SHA1
569255dca8883bb8282c7c84b59b63c454016b3c

SHA256
0f4bd6ef59e9275f7526ba9290a1a779482fe9c8c266e9c2c0e03d1bf34cbacd

SHA512
e0e128820daee5de9a32ea710d6320302ab29c1094ee5ae889b1dc059f4bdad05b9e147e54915c113f77098058b835f48f36fc981a236e2cf80606e600442ebb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads