b2dc37d7d849d337e6e01726e4782af9bbc56fbcfa97c192460d0210adc591fe

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe
Size

1.1MB
MD5

defc7310d06e08e951f187ed3be0053b
SHA1

bb861da41605bff6b439f90bf48b73851a882341
SHA256

b2dc37d7d849d337e6e01726e4782af9bbc56fbcfa97c192460d0210adc591fe
SHA512

32a24bfb781e5194eebee4daed7e3b0e435f225e69d0831a87988cb6005d9e492690c1eefbeaffbc4256c1440a6663913457c441bc5329be92b946d51d36ec10
SSDEEP

24576:wwMaeS8ILI0J0IVPG9rHF4Hs/2ZGDn47ZZWXiq/XQhJ6p5cA:wseS8ILI0DVO9rOHsuZfQX3/2J3A

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2956	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe
2956	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe
2956	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\sb6-e-m-i-l-y.tmp	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2956	defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\defc7310d06e08e951f187ed3be0053b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\LSBBB93.tmp

Filesize
15KB

MD5
e69d2c26200b14e0270f1a0c62b8712a

SHA1
c4e450743d64e31772b800b65c1e64fedd3c88e9

SHA256
422170900f338182eaac2a321a3314493ac819d61749ae24c30eda887cdb912b

SHA512
83d647ec334fc48175a0cc7419fb99a5db02068ddd1960080c870f2d1a92957d1a0ee9314e85a8f5b7731d33b465d97a7c72ca83390eeabbbeb83e2cbd7a5ee7

Download Submit
\Users\Admin\AppData\Local\Temp\LSBBB94.tmp

Filesize
307KB

MD5
14efc6e434c89ef5751b931f13161336

SHA1
bb70d70012d658c2a40712cd2d8c1a3d79c9ca0e

SHA256
1c3f6b368b1a41ed004c46bbc156497dfc395be1324c2606fd37c5d71f6f6928

SHA512
3872295232386fa427c2e8bc7786ab0267bc8b93b9927aee830017c114fa379641d87690b82bffbde24cf84539cb5ee522ff34c66871209d46813706cb1b3518

Download Submit