53f6f880c184207258c832c4d5c6f0f6080ed73e520877ee800559a3c12c6c8e

Analysis

max time kernel
101s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe
Size

225KB
MD5

f0a4d8d2b475a04f7599106993ddc26f
SHA1

fa106acf7fe5c9d96a727113e1a1df9bd1dad5c5
SHA256

53f6f880c184207258c832c4d5c6f0f6080ed73e520877ee800559a3c12c6c8e
SHA512

ab47d430ad06299bcd991f4c607e01ffde48ef973524c69f12cc5c3b269630fbd1b1696465fd9d3457f3d672a8ac01d0580e4b74b554e42303eecd5681159216
SSDEEP

6144:1sgykiIp8NhbeQTsEVRUrjLNWhOncw18dL:tykiIwbhjvUrjpQcwh

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1348	f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1348	f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f0a4d8d2b475a04f7599106993ddc26f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nszCFDF.tmp\Single_incr.ini

Filesize
2KB

MD5
2c72f75a0c71effdd9b6406e09fdedae

SHA1
6fb80b5060415b0a9eaf6c5df5437f35147f4c87

SHA256
56eb6043c526f6aaca887d1504445e499d50cd6713064744945d04d1b25af81f

SHA512
e9b95e8385b750a6a4f09364ea59c7ec0b1837499868bbd54cb2eae96f19fa723e4cafe467198aa3eaa08760eac61c8ddc867029318dc6188897dd0654dc3b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszCFDF.tmp\Single_incr.ini

Filesize
2KB

MD5
a9ac805f5f51ea59df0d3e00b801f8fd

SHA1
474e6435f2de6511930acda7299768f4f71ba136

SHA256
5047ec126cdf040fb4868455b26897b14f68af9470356a2eb3aa53bd170131d8

SHA512
2a32df5c817bd062cb9354594d59eef7230249a546aa5d57365b6694de8c4c9a9e0650796ab18697b1e4764994c995497f1d411daefa2fe4e57bc3b9fb5384bb

Download Submit
\Users\Admin\AppData\Local\Temp\nszCFDF.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit