Analysis
-
max time kernel
94s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
19-09-2024 06:05
Static task
static1
Behavioral task
behavioral1
Sample
eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
-
Size
68KB
-
MD5
eab9dc992169249b0f2e8ddbddad5c9b
-
SHA1
3c669e33b6dbcfdc9a59ff84da2fd514eefc079c
-
SHA256
9967cf3f59ad1db9024c19239a39955ee275b47066d45475a5377778c84b1801
-
SHA512
280ddb1c1b0eea7799c7726eabcc82ab189a6bb755f1be55c3ad4c2cf691d26297f2d54bb00bcc3ff95c8ad8941279b1ebc90f4e12befe69d5c3b8c06b9398b0
-
SSDEEP
1536:fezz4XrcUXUVoRRmRRVJq+xiqWvmjw6MvI7G1z3HoX:GzMrcUk2Rmd8+k7Gw9A7G1zu
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\DRIVERS\TVicHW32.sys eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe -
Loads dropped DLL 1 IoCs
pid Process 376 eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe -
Drops file in System32 directory 2 IoCs
description ioc Process
File created C:\Windows\SysWOW64\TVicHW32.dll eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
File created C:\Windows\SysWOW64\TVicHW32.vxd eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 476 Process not Found
Processes
-
C:\Users\Admin\AppData\Local\Temp\eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eab9dc992169249b0f2e8ddbddad5c9b_JaffaCakes118.exe"
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:376
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
48KB
MD5
54f07a5f975153581e2e8a797d761414
SHA1
12845dfc5ccd8c6d38a247c42302455c13b4b2e6
SHA256
1e6f299ab8d793f9e0b40b31d47989655d79fffe8272f7c7ac485573537368d7
SHA512
76a2c9fd621dea4ac5821a53097deafda780cc2490951c4fc4919713dc58ae5a0c01cfefb3ebd4155f0507527ff092df13939e37a11150aaa5650e21a793d6be