c2fb60090b281f3d67b99cb639c36e81fb59a4a93b5f27b25196103aac7f2d4d

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
Size

447KB
MD5

f70fd62c88c73663c65a0dc8823c81f6
SHA1

1629b87eb32d8e6fa50c79393db3aa9487a26745
SHA256

c2fb60090b281f3d67b99cb639c36e81fb59a4a93b5f27b25196103aac7f2d4d
SHA512

37c1fbd27374d67b8b2240188a19396796320bf017b1cde7e3005378a76609d92ec8626746e32b07b190cb648c46854ca5c512ab94b32e41a3df96a19abd59bf
SSDEEP

6144:FbMUxmYrUkGeWKUq/Jf8Woll01bCk6SHOwiOI4LMaGsn+sqmwnGk11KpnWZ:VTvr/GrQ/JZola76G9zMah+JmSvEW

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2536	f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
2536	f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2536	f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2536	f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f70fd62c88c73663c65a0dc8823c81f6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\pts9656.tmp

Filesize
84KB

MD5
b0a1debd303c8917f5df7ee96e5d180a

SHA1
686d3e01c2894543e6d78ca8558ab295892a3c25

SHA256
c264df280cbfe563cba87cdedfbed18b5e41766f514782a4ee1e821b04e70df4

SHA512
d522faed4a191b3abd7466736e0517c3cc27e6c759bb55f227342ead49ade816e9f71193534a4afbd5cddc473677ae748216e509129cc97b4226e2b197567e1e

Download Submit
\Users\Admin\AppData\Local\Temp\pts9657.tmp

Filesize
84KB

MD5
78bd7f85d17bf25377d895cda042e663

SHA1
7a2997106287c763bc898e4fd7d516145dc2539b

SHA256
1c888945ca459fd4d8c0ee2f8df2bfd9c4dadac72c3bcf3238d862e8f67acd25

SHA512
a06206356f7b378c1958d441944691ef4036c9a68963abb51b62e03c4582d8932051daf82468b29b31493b5479808351bf6286eb36cc4bf299ebabe6bcc67ea3

Download Submit
memory/2536-0-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/2536-7-0x0000000000310000-0x0000000000326000-memory.dmp

Filesize
88KB

Download
memory/2536-2-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2536-9-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download