c8d5199b5c83afb8071db7b1da4610ac81b643d0bb760065fafe5142906fb086

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
Size

1.0MB
MD5

ead27f0ac338e950898874e1705c08ca
SHA1

d2f2e7f09d264150a4dccc5ec681a2d345d3dff9
SHA256

c8d5199b5c83afb8071db7b1da4610ac81b643d0bb760065fafe5142906fb086
SHA512

c9a8ed3f9833c6fca7df1b28db99891725e21f11bd690d781f8709dc6dd67fec1d74e408638ebaffbb17c477b3bcb97bfe9fa636bcb0005f9032e812d337cf1c
SSDEEP

24576:fJT/meBXuuMR4YjBxl6r8WcxAo5Xm8d4JRCgdBFBwFBJ8nBndeSa:fLzMyA/l6xs4JxdnBYCBndeSa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
1864	ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ead27f0ac338e950898874e1705c08ca_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\.#\MBX@748@501B00.###

Filesize
2KB

MD5
9e356e4ff15ab91fbb0dc5398f03f517

SHA1
e90229f196cd15e14957218e9e0ec14a67c7d575

SHA256
beb9f07566253f4bd33fcd76c59057340fba604f88c6593cb8ea3a03c44e7388

SHA512
057b29bb41cc83d59205dbd46de2ac5a641c85ca55c0d432d4e7665be2becbe4f0a33855506e838a79cb77b46dea21a60b54edaabafab06772816eddfb322ab0

Download Submit
\Users\Admin\AppData\Local\.#\MBX@748@501B10.###

Filesize
2KB

MD5
5e63f78ff7a6c817275471a66d751a04

SHA1
08cf9970cd71bab0ff8e4b7fd140a23148087a3e

SHA256
7a5269fa023d1f264d676e22cd6d806f811c21cff240d9895fef05f530211e7d

SHA512
11810c1aaa2c76beb51a86b937e4969bf4da00c7ce0f430985a0bace57fae9b52e166b37b05d07ddbd9d47d87b2c5dd6a2b60d54ec67e88b7ac7fd503bf5241e

Download Submit
\Users\Admin\AppData\Local\.#\MBX@748@501B30.###

Filesize
2KB

MD5
f007aeed5d6e62df2298e8b9b85c17be

SHA1
e154f58e2e402de23f104de708742fa4063c46f8

SHA256
4b4572fa0b5d1dcd70cf86ca65d37136899a9aa4b5480ad8412b55e4b9e1e6a6

SHA512
b85df9f2152050de44a3bb5cf98fa3c1c2cdfa83e410319068f167b68a24400cdc9d1251aba56e47b9dd17e38444d9a2d5035607d538502aa2b3925663598a54

Download Submit
memory/1864-13-0x0000000000470000-0x00000000004C7000-memory.dmp

Filesize
348KB

Download
memory/1864-22-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1864-11-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/1864-10-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/1864-9-0x0000000000470000-0x00000000004C7000-memory.dmp

Filesize
348KB

Download
memory/1864-8-0x0000000000470000-0x00000000004C7000-memory.dmp

Filesize
348KB

Download
memory/1864-12-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/1864-0-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1864-21-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1864-4-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download
memory/1864-17-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1864-16-0x000000000044E000-0x000000000044F000-memory.dmp

Filesize
4KB

Download
memory/1864-14-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1864-23-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1864-26-0x0000000000470000-0x00000000004C7000-memory.dmp

Filesize
348KB

Download
memory/1864-25-0x000000007C250000-0x000000007C353000-memory.dmp

Filesize
1.0MB

Download