ec1693018b38ac8f2be71eaea9cbdb6bcb8911de5e56f9f69d8e06f1fec995f4

Analysis

max time kernel
101s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe
Size

2.0MB
MD5

ebbbc2403206de2fc892271dba0641fe
SHA1

d335f95d636ed759d4a9d8a1b7570ecff968b2d2
SHA256

ec1693018b38ac8f2be71eaea9cbdb6bcb8911de5e56f9f69d8e06f1fec995f4
SHA512

d2f114248b41fe47e9ad566ed2b27d85fc847d96cae99e4325ab608e07169e030693219efa50a2f28acc1057ebab7df17ecad13c4a4dc3aa0f9b10903e8839c0
SSDEEP

49152:3iENZarUIYfG+No0My5Uc8o79tTAzHHK/:SEwmJoLM0oRtTGHq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1688	ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe
1688	ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe
1688	ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1688	ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebbbc2403206de2fc892271dba0641fe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso8F56.tmp\ioSpecial.ini

Filesize
740B

MD5
8aa214e8863173c2a17af94eefa765ad

SHA1
c9f9ae05f6a9f05c910c2429e0d103d4c16e3fe6

SHA256
17690fc0110aa6ce7e3aaa13a1d7975b10a6a144660126538eea7daee94236a2

SHA512
f9971a9b426d003a66b57257cc65622cb65d8d57c33e273c76e67be6d43660c7937cbd976de5bce4cb2d4b086d2e1345dc26808cabb87825b591b32525b77354

Download Submit
\Users\Admin\AppData\Local\Temp\nso8F56.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nso8F56.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nso8F56.tmp\UAC.dll

Filesize
13KB

MD5
07841403d5371183c4eaa5cab50663fb

SHA1
b0cee6e01502fdd2ee775922051333d626c63906

SHA256
3a18cf504265ab2267e1545106217767877fa9db6e2b5dd0a3a761dead33a99b

SHA512
436c1932d4ff56a11673beac5416ac0f2c7e90e5b993b3b8c8f589069d655da40c3ed514b99291ddf06aad66b0a634896daac19adf459ff791dccf3234af0e05

Download Submit