189ddb388a6c4afefdd5ba35a50ca37d53b319bcc1edc4591a8e772ca0034158

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe
Size

1.4MB
MD5

eacb148858b6c05e32aa40d19c2f76af
SHA1

b0d7a6f81c520802ac4b96293d76f9857d1dca39
SHA256

189ddb388a6c4afefdd5ba35a50ca37d53b319bcc1edc4591a8e772ca0034158
SHA512

03762bec35cfc8f175521e3a74824fbcb8794db181b14a5acea63169c24f65f2afbd1c03ea333277304b246897b04fc703c2fda99b7ca85fd47d19f6457e2ac4
SSDEEP

24576:Lutr5OUFplUtj4Fzj693DThEUO1HQVClM6RpVywNCvhQXv+HRd6rsMqjcQM+SR+K:LuX/UuRj+JQQVcFlovYvIjhcQNvK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2656	sppactualiza.exe

Loads dropped DLL 2 IoCs

pid	Process
2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe
2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sppactualiza.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2656	sppactualiza.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2656	2756	eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eacb148858b6c05e32aa40d19c2f76af_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\sppactualiza.exe
  "C:\Users\Admin\AppData\Local\Temp\sppactualiza.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sppact2.exe

Filesize
1.8MB

MD5
588aa1cd4df61255197b3a528c72d5a0

SHA1
4f1a30ab89723df1cf3c2007979e8e31789d9c5e

SHA256
994b65eb35fb7c0efd264439b31996ce447735131e1065392b42d123fbdf4ea9

SHA512
41ca532b2f5a38643a3e96e74f65f97c3d8f972189b977610776c029fde1834e032789cdeb5832ab6bc6a620b354b7354220b4096706c7994a0a8923c05e0441

Download Submit
\Users\Admin\AppData\Local\Temp\SPPActualiza.exe

Filesize
16KB

MD5
76ae6c1a54f6a40e02d6357f6a3be237

SHA1
8767efc98ae67eb245be091b5e1d4b78f7a168d4

SHA256
cb4ba3f59e99413295d774daf1fe649294fe4dc3c2f437dfbe1f32f1bf0a6f89

SHA512
e23ee0ffb99b0fc3a1e9cd4c3e444d9d2b8a860a635d50b61ad0b46e3c44752d5643992b51e6b9ba6b8d45be84a4d948f4c3e60fda76d2f1b3c61696a247acf4

Download Submit