Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/09/2024, 02:34

General

  • Target

    e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe

  • Size

    282KB

  • MD5

    e189ae6f0c154585ce2e42116a1a8abf

  • SHA1

    ca4d5a5f08f7e43f1fdffa9276bd7579c32d28b0

  • SHA256

    c08b87c14d95911c77227842ad7e6bb89b6efc75d8720123504a9d59d71f98ba

  • SHA512

    31b0c5ee564dbdfe69fa44a85ee91b1d1c9bde5612797d47109af0e5304345a7a801b7669e8f5aacdbb5e0241e2568b43c03d9bb08affa8b9a16b142cad48c88

  • SSDEEP

    6144:tgMZadJaCQK/rF6hfBuFq6mwijimO+f3JmRpoLBeF4+:tgMZadZFMuY1jiuJipoLQF4+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e189ae6f0c154585ce2e42116a1a8abf_JaffaCakes118.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • \Users\Admin\AppData\Local\Temp\Tsu-096C.dll

          Filesize

          249KB

          MD5

          e355336913b92a30d50e63745e42dc9a

          SHA1

          198941de3b1f4134d19215ec9889107f33519401

          SHA256

          8ba006776e50d8fa9482553b463f4159b35bc176117105d583bf88d352f3e4eb

          SHA512

          43df942ed7ff56403964fd17b78f451735c769f1229b317d07f1364b45290009a76bc516228762c59080489b7519e22cc604e759e0ea149554e4eae6b895db80

        • \Users\Admin\AppData\Local\Temp\{96C2A5CF-4C37-C25F-20B4-04154D218739}\_Setup.dll

          Filesize

          168KB

          MD5

          8979d201c1c4cff9ce0fea20b6b59f38

          SHA1

          d17be6fb557e7d99c4b23adaca57360d3c9e3805

          SHA256

          cd3b0484e365126aef00af9a6df25e5fbbdc1446e047193304d8e96751fc1771

          SHA512

          ebf291db3677fac32c068ab3651a05a80fe3f697680b8256d7ad0ecc21010f522b98a2cf2382f602b470529d6bad526512bd0aa41deaa486d0b9d54a05e6e127

        • \Users\Admin\AppData\Local\Temp\{96C2A5CF-4C37-C25F-20B4-04154D218739}\_Setupx.dll

          Filesize

          22KB

          MD5

          48dacd3e4540c94265f2a061fcaff911

          SHA1

          acefdbe6e1793016198d4a4c25a45988f62928f3

          SHA256

          78859b66f27ef188088f49fb9fac8874e163b307fa119eb5d18214d2e315cea0

          SHA512

          36a81f7f613bafad80bbe6b8fc6e3205e24a769c0286a2ecc9c8c086c4a65a496c172956610ee83b780ee5ce1423384a7f95d7b267909f9b3580ba95c0994480