a0983a907c7ed3f2f439eb16dc57eaeee676155022ed1c5124b6a2ab38971625

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 00:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe
Size

126KB
MD5

eebf4acc96b52de076042a006e02ff8c
SHA1

f15d1f8a341289e747e2d0d9fe1ce73d62d093bb
SHA256

a0983a907c7ed3f2f439eb16dc57eaeee676155022ed1c5124b6a2ab38971625
SHA512

7134976f27c7e751f6deea5667aa732c83ad31f453c237bb4cf29630572334f4e816b458264b42db3120c779bfd7b92d0bc4f6f130b4eee7ca45cc91877bb453
SSDEEP

3072:VQL8UzYPfY+KGJhOpgLR36j5f8B+CzGU3nODt2Q:2PYXxUpgLed8AFU3nODt/

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2436	eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2436	eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eebf4acc96b52de076042a006e02ff8c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\eebf4acc96b52de076042a006e02ff8c_JaffaCakes118ow.dll

Filesize
40KB

MD5
83e8d292c410e77c522cc73195ea8d17

SHA1
d6c0416380dc67fbbbf13ac9fcdf2b919049ffa5

SHA256
adfb32c591e0c324a77145c942ec7f31cecc222f82e2cbec534add925833326f

SHA512
27d58e6389b54c9e6be2a6a3ecee49de87b6aa0b3efdb069d2325731ce3f2fb4771a6957a2011de84cafe688dbfa7093d109fd165d4693205350b6cdcde2e680

Download Submit
memory/2436-3-0x0000000000400000-0x0000000000429B00-memory.dmp

Filesize
166KB

Download
memory/2436-5-0x0000000000440000-0x0000000000450000-memory.dmp

Filesize
64KB

Download
memory/2436-7-0x0000000000400000-0x0000000000429B00-memory.dmp

Filesize
166KB

Download
memory/2436-8-0x0000000000440000-0x0000000000450000-memory.dmp

Filesize
64KB

Download