314ed7c529891d3077d2ba6a223ae68197d28a6da75023f32938ab0985de89b7

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe
Size

226KB
MD5

dc21123faed62a6a9bf9ac0ff12dc07f
SHA1

947a2e7b858f0ec7c01dc491830335ca8836e35a
SHA256

314ed7c529891d3077d2ba6a223ae68197d28a6da75023f32938ab0985de89b7
SHA512

935cdcb99d7bd676511274122208c76d100f25c448612d5342b6153c5bf19467fb0d1ec468f2d68bdd6c006443642e2159eaf347698762e54b5662b3686012b0
SSDEEP

6144:5NZrJONFZejzyzBf9njd12n6uf8+p74lkhDJ6dCPNytZLs:5Dr0NGunnJ0n6y5pslcl4Clws

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2968 set thread context of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31
PID 2968 wrote to memory of 266816	2968	dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\dc21123faed62a6a9bf9ac0ff12dc07f_JaffaCakes118.exe"
  2⤵
  PID:266816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-540545-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-540546-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-0-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2968-57051-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2968-540587-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-540583-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-540570-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-540559-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2968-3741-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2968-3472-0x00000000004AF000-0x00000000004B0000-memory.dmp

Filesize
4KB

Download
memory/2968-569019-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2968-540547-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/266816-569015-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/266816-569013-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/266816-569011-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/266816-569009-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/266816-569007-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/266816-569017-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/266816-569016-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download