32bf53ee5bdf86caa1c8a1465336f465b6fbfd225afe28320826b48554526278

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe
Size

1.1MB
MD5

ea7580188f33309dc495f8c0f7a1e525
SHA1

d518ff6061d83214c5c23adfa6238dd5fddc54a8
SHA256

32bf53ee5bdf86caa1c8a1465336f465b6fbfd225afe28320826b48554526278
SHA512

6972a5fb032fffed40425d7732043e11c26a7043f93b8f5c329cfa3a579f38892e079f883e662491970c502c6a98d8615e3ef65db2dffbca204e30d818101414
SSDEEP

24576:81hJsV24a3b7oY0q8WmPMRmjKFk9mJ1QQS44tPa4hoAeYXp:UhJsVIHd0qu2mjKK81N4hG2p

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1960	ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1960	ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea7580188f33309dc495f8c0f7a1e525_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstC1F9.tmp\ioSpecial.ini

Filesize
631B

MD5
5b1fe4ac4ea0d0867bfd97cca82be156

SHA1
23e6d2b099bdc9179ba14aa9768f75e766e72422

SHA256
2f3a6b8e22e7c6edfce9b55e90307cbc29f413802de12e5c6340f7f213d19063

SHA512
7330fd02ec7a84d9f014ae25e75aa24718744c71059ae9420514a099c938e8eb876caa64fbb3364c55ea8bf171ff0fd27d2edf64a259b24062a866b0606626ec

Download Submit
\Users\Admin\AppData\Local\Temp\nstC1F9.tmp\InstallOptions.dll

Filesize
12KB

MD5
5ec2356b7ad6993d3d4bf31a8dd45473

SHA1
1814b404da2a62b0184f120025262892b00f1fb5

SHA256
e2f63aea3f1ff6d8f075a2a8d386acbd4888c08b01b7cf5ffdc3b1570d2f2109

SHA512
ef1116c190d447f61e7bd5fd8432ba04c1cd24f7d5497d83bb06c5a84219bcc827904db3ea01fae545e8befd925fe68a187ba0e99148dede11e19f9780683be0

Download Submit