ef9755072c43bbec747bd1877a331f49e123b69ce81e72b1275cf961629f7b5e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe
Size

1.0MB
MD5

ea7c119473ac99556c00728b0483702f
SHA1

0418b45580cefe75eeeb05aa2d9d1a25769c2db6
SHA256

ef9755072c43bbec747bd1877a331f49e123b69ce81e72b1275cf961629f7b5e
SHA512

6c5ede9417d9213a57306f6dbaa58c0722be6149bd2537b5671a7e989f01f4986698eb0ec19b6b1d4a6972a4e30a943b4197061e140b4ee2bd1c36e2c4aa3584
SSDEEP

24576:qUWqist/YueXKn5b8IfSlyGP4UqBb5Z1a7t2yJVw3Gbr1XBeD:qUUlupJP/GhKza7tN9br1XC

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	InstallProj.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallProj.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2544	InstallProj.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2544	InstallProj.exe
2544	InstallProj.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2544	2204	ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea7c119473ac99556c00728b0483702f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\InstallProj.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\InstallProj.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ReadMe_en.txt

Filesize
5KB

MD5
9fa757b4f4ede02c89e993170fad3312

SHA1
04f3fd416264e23c83bbeefad346e320322aa8e0

SHA256
a659fc883c7cd1fbb27b6fb29d37dc860351dc98e52b0a08edcb953712cc7275

SHA512
5cf47b77135c24ec40ea7ddf7797972450cc0477ce2367c72ef37899189746db4f83f70d42faaa7398c1f36f2fbf51b3248a89a0e744918045575988fc3fb456

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\InstallProj.exe

Filesize
491KB

MD5
fb964d230350eadda0a50e4d6b064ee5

SHA1
7df8f881a6874f0e8fb9e183635b1e450fb4ee69

SHA256
9eda6fbeef8fe18f5b7fc8be31b167980fabe7bbdc24a968bb0dfe7bed7963a5

SHA512
f986963cda7e57b2e2dc8bc90a9c4241afb0c7857bca4584d6ce5e5f27d062f00b07dc3dabc0f4546716747bbafbc92e7f06ab9f2e970733c04e5fcf45049792

Download Submit