9967cf3f59ad1db9024c19239a39955ee275b47066d45475a5377778c84b1801

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
Size

68KB
MD5

eab9dc992169249b0f2e8ddbddad5c9b
SHA1

3c669e33b6dbcfdc9a59ff84da2fd514eefc079c
SHA256

9967cf3f59ad1db9024c19239a39955ee275b47066d45475a5377778c84b1801
SHA512

280ddb1c1b0eea7799c7726eabcc82ab189a6bb755f1be55c3ad4c2cf691d26297f2d54bb00bcc3ff95c8ad8941279b1ebc90f4e12befe69d5c3b8c06b9398b0
SSDEEP

1536:fezz4XrcUXUVoRRmRRVJq+xiqWvmjw6MvI7G1z3HoX:GzMrcUk2Rmd8+k7Gw9A7G1zu

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DRIVERS\TVicHW32.sys	eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
376	eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\TVicHW32.dll	eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\TVicHW32.vxd	eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

C:\Users\Admin\AppData\Local\Temp\eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\TVicHW32.dll

Filesize
48KB

MD5
54f07a5f975153581e2e8a797d761414

SHA1
12845dfc5ccd8c6d38a247c42302455c13b4b2e6

SHA256
1e6f299ab8d793f9e0b40b31d47989655d79fffe8272f7c7ac485573537368d7

SHA512
76a2c9fd621dea4ac5821a53097deafda780cc2490951c4fc4919713dc58ae5a0c01cfefb3ebd4155f0507527ff092df13939e37a11150aaa5650e21a793d6be

Download Submit
memory/376-5-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download