0873eb56d46863bab6f2d871b96762dc3291981d10ac6b4b3e5b08837bd265c1

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe
Size

975KB
MD5

ea874e53b7a9a0233454ee7494462bfe
SHA1

f72ed0988d10ea9514e0970a8ed31e10f2d905e3
SHA256

0873eb56d46863bab6f2d871b96762dc3291981d10ac6b4b3e5b08837bd265c1
SHA512

bde9fabdae5ab6a27d2b64e8ef85ac676f7c78d9da258ca0e4fbf126e087f60a3b47ea462375c06223b9ee2ee22110907957512faed44f5fd53de008d60b52e7
SSDEEP

24576:m3dTqABVQA0QD+h1GRa0k/7eojyQMRP26zV5C3qc/yuL2:kTXYA/l0/7xAP2iM3qt5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1616	jp2lt.exe

Loads dropped DLL 2 IoCs

pid	Process
2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe
1616	jp2lt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jp2lt.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1616	jp2lt.exe
1616	jp2lt.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30
PID 2568 wrote to memory of 1616	2568	ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\jp2lt.exe" -litename "ea874e53b7a9a0233454ee7494462bfe_JaffaCakes118"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\Default.spk

Filesize
110KB

MD5
bd74a4b30418260dd7caa695000eb8e4

SHA1
e7aa3f336ca0658f97ce94b9650b14d6eb2bac36

SHA256
871a247c75d50381109862a81b7501521ada711a85ad2400474a15bfafad6766

SHA512
05d261e3c8446f427646e29bf5581e03f16bab4ab34abbdaf7be7cd5554ab54e92fe260e867057dbfdfc018bcf328b9b1a966cda9ab324e27751af16d4251883

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\Media.dll

Filesize
168KB

MD5
d9644a9deed53d3c449c586a8ffd5b82

SHA1
c2533fe5b98638fd40cc83c3fe15c0e40206984b

SHA256
c81a8e7336acd7d2ed149d4d88204c775480fdec443aa22ff3c626bb3fc9784b

SHA512
28b5de93f05b5ba591bd400554ec7b3667c44accc62aafc5650dd3e229919cab1fffa1f4a38b5fe40ea29af4deb74ec07348b7233b2d5920abae697c741981ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\Puzzles\1375830.pzl

Filesize
305KB

MD5
9e030a9fbbd7b291e25497f325473ab4

SHA1
82d8eb0c9309a18955f4d4d2457881bdf2e855cc

SHA256
c6612cabd21ee68a104afab44ef52c129af7ea38fb9400042bfaed2ccecd9fed

SHA512
23ee243a9cd0bac48be328c72db4795958c70e616b75ed18316d89f607361df1cab61fd367bfebbeb0fbd2f0ed7fe91f54a709a4343d00a36b2bbe71b1c0c307

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\english.lng

Filesize
17KB

MD5
31b0db710db76b64a0aebd5293ab6385

SHA1
377ba394d5dd8acfb61409d2a55ce1eb968ebe36

SHA256
552b36b0c8e752cd08bc52c4322bc4f7f772950bf30908f0decc22f6f58f8d36

SHA512
64d81cc76ee0c3c2df2772174577494ba42e247a0f862010b5ab617fab1920dd87b3a47e77e7d9ed33976a3a7484cc84d69b67adb23ef5ce294c8d178e87ae26

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\index.ini

Filesize
85B

MD5
d46a0fa4b0514e4d48b642421d60c499

SHA1
324646ee871d04d703eab826f2bea198379f7a67

SHA256
278cd1ff9be6657094c728845c0a701f2269070e53cad4bc64beaf91658047a4

SHA512
c38e0112922c8f0d47523c50c3a3a612d1444292599f365120fe0fbba205a3634e351ad1b277485edfb209aba8deaae18666dbde658df02590cd6382756fc523

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\log.txt

Filesize
3KB

MD5
0c1c4a8eb7bdc77df4e8abbf2e6b5bbd

SHA1
53d5f993a87e54ff5d877d6aaa23c0081beaf3b7

SHA256
f17dfda6d486cbef50a58ea1610cb94f45f19a0a1cf1d33f1fbd40ef599ed393

SHA512
45486c1d7bfa1db77998a6a1df958869bd7ab7096a8626d370027dddf3e3b0ade4913bc5ef41e0c5d09702c74bc2e5d6d213067df9078062d20260a64d8cceea

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\log.txt

Filesize
4KB

MD5
567864eec6113bbe81efb7113dc2afeb

SHA1
7dc234db6d6b5e7b0e8bf51c7d3aa6295862f5a8

SHA256
2333ca4f1c8a273fbd6b063702c7a6b634238a4a9198b8361fe874a60b786bde

SHA512
2ab839261452a120122f37d023b261375235d858f8f75379ab1403b2662e76159a6b587bcaf29ebdb363b62a93e60090d822ef53f2a4486c4416fa2931e4ad66

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\log.txt

Filesize
1KB

MD5
6f274600c3a6fbfbcf95363082e5b5c7

SHA1
20f1b396f36a02594960f0cec722f6269c02b9da

SHA256
13e854ea92706668709303dd9908768bed8e23f92f60636ce97c17e075eece5f

SHA512
55d5ca952172f08aa9ed16c7b19e4965b7222007c03ca93e861451c4c840a241557e2e1959e8c30a5ff54245b44ad5b2d1794d086fdaf312afb59fc15f93316c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tllB210.tmp\log.txt

Filesize
2KB

MD5
92ce67a6513a4f5048454ccd0308c0ec

SHA1
53b5b41534ae6b754ea4fbba78996722831c64a2

SHA256
bde9fa031ab0586bcd784849cf6689318195ff688b71d6f4e1b4c5d6509335cd

SHA512
163bc31dd901997a19e81838a8329c0a0043a4ac941e2e63a0e64b2e0368dcf5ab35dd1fb89888d3efdd085366b53afb30ada8857b0d0e22f98e72c47f886061

Download Submit
\Users\Admin\AppData\Local\Temp\tllB210.tmp\Jp2lt.exe

Filesize
736KB

MD5
e71f618cc6f979183d0ca2b46a2912a5

SHA1
6e425158dfea4396eb2242a232902aa9310e2876

SHA256
8b4f2caf96f7521a20963dc69a36ef94e7f41ed12ea4de656f361496d37c7e13

SHA512
46d57b7c3a0db85f7f66aa58a59c4ca825d4808a4aefa4a7bdccf8595f041de42a1a4cc5d6f6d33cf842ab5dab63bf27dedc1576a92828e459e475cd25cbba2d

Download Submit