Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 15/09/2024, 02:34
Static task: static1
Behavioral task: behavioral1
- Sample: e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
- Size: 282KB
- MD5: e189ae6f0c154585ce2e42116a1a8abf
- SHA1: ca4d5a5f08f7e43f1fdffa9276bd7579c32d28b0
- SHA256: c08b87c14d95911c77227842ad7e6bb89b6efc75d8720123504a9d59d71f98ba
- SHA512: 31b0c5ee564dbdfe69fa44a85ee91b1d1c9bde5612797d47109af0e5304345a7a801b7669e8f5aacdbb5e0241e2568b43c03d9bb08affa8b9a16b142cad48c88
- SSDEEP: 6144:tgMZadJaCQK/rF6hfBuFq6mwijimO+f3JmRpoLBeF4+:tgMZadZFMuY1jiuJipoLQF4+
Malware Config
Signatures
- Loads dropped DLL (3 IoCs)
  pid | Process
  2412 | e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
  2412 | e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
  2412 | e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2412 | e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID: 2412
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 249KB
  MD5: e355336913b92a30d50e63745e42dc9a
  SHA1: 198941de3b1f4134d19215ec9889107f33519401
  SHA256: 8ba006776e50d8fa9482553b463f4159b35bc176117105d583bf88d352f3e4eb
  SHA512: 43df942ed7ff56403964fd17b78f451735c769f1229b317d07f1364b45290009a76bc516228762c59080489b7519e22cc604e759e0ea149554e4eae6b895db80
- Filesize: 168KB
  MD5: 8979d201c1c4cff9ce0fea20b6b59f38
  SHA1: d17be6fb557e7d99c4b23adaca57360d3c9e3805
  SHA256: cd3b0484e365126aef00af9a6df25e5fbbdc1446e047193304d8e96751fc1771
  SHA512: ebf291db3677fac32c068ab3651a05a80fe3f697680b8256d7ad0ecc21010f522b98a2cf2382f602b470529d6bad526512bd0aa41deaa486d0b9d54a05e6e127
- Filesize: 22KB
  MD5: 48dacd3e4540c94265f2a061fcaff911
  SHA1: acefdbe6e1793016198d4a4c25a45988f62928f3
  SHA256: 78859b66f27ef188088f49fb9fac8874e163b307fa119eb5d18214d2e315cea0
  SHA512: 36a81f7f613bafad80bbe6b8fc6e3205e24a769c0286a2ecc9c8c086c4a65a496c172956610ee83b780ee5ce1423384a7f95d7b267909f9b3580ba95c0994480