e315f62f0786390c7608029b0d366b4facff4b6ce54f05f8b3601c65aad747ef

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5d8c08243674ffa442f8b73e24b0dd_JaffaCakes118.exe
Size

124KB
MD5

df5d8c08243674ffa442f8b73e24b0dd
SHA1

34a48da6c1537f1fcc2748a4334c070b5725091b
SHA256

e315f62f0786390c7608029b0d366b4facff4b6ce54f05f8b3601c65aad747ef
SHA512

760b840e6d02fdc4a43e9d59d60a51cbf06e7f9664f6e6e7b34d25c1e8a12cbfad5d4c06455c08d779e7f53a2344af14c398e2d96b1f548acf6c5ea7745be98d
SSDEEP

3072:CUXnviYhb8t/LenDkBTDiLV7eVxjDeJ5lc4MlGLq:NXnvThU/Ln3e7aeJk4MlGu

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2432	df5d8c08243674ffa442f8b73e24b0dd_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df5d8c08243674ffa442f8b73e24b0dd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\df5d8c08243674ffa442f8b73e24b0dd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\df5d8c08243674ffa442f8b73e24b0dd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AA100-12B\02\dw7958\PT3OULogo.gif

Filesize
2KB

MD5
1d4a0555281f6bff1f35f85ca3fa50ad

SHA1
dd340177b301d620c0bd19147a1ebba98ddefd6d

SHA256
0c7e8097e7f91824de75372c13f4188d7de783f2aab19761d1c75adc0eb59e64

SHA512
f03b0dffdc4cf08dd4f933b45a5ff4674f70108f335c4c317fcd2f3d25fd6f3d11648182975ab90e1ab564a7ab61aaf6da01935f8effabf8fdf2970d912ba086

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWa02584\_adB622.adx

Filesize
9KB

MD5
c79a4a4612df128abd2cf64b16ca1e50

SHA1
0f1ec4002a728ae18e7f446d3e404cdabc823388

SHA256
cf1acc8b394f30b750663390845a93abc480e50f68438d7fff8b8a4f7f794da0

SHA512
4da75174a930500016f00c79c2ac0a55e191a97c4aa32db29b8bec27a45f05da5b73e56171f2913c80403bf9040cc654818a66428bbf116e7da404dc561bd965

Download Submit
\Users\Admin\AppData\Local\Temp\_adB622.dll

Filesize
76KB

MD5
eb459a6906218141b371ad14a527f507

SHA1
4d4bdfc8f2d1e9ba2fd989a6f1717d1ee0ae99ea

SHA256
ead52a9259af382c90d98ab686c7c92c715e05e287fbdf3e0dc091182e392f1c

SHA512
c111e28e90096bee88e55b2f7cb109b0a10a570255b6527d56fab688d93474e164e83c5f1dc13a91b3f2fdd0708f37963f0c4cbed41bc2bbcf40efe21afd697b

Download Submit
memory/2432-146-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2432-147-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download
memory/2432-153-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download