506f4eda6582fddb8b0d21489f32477ae58aa56cb406ae4953ab2a698e62ae26

Analysis

max time kernel
132s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe
Size

468KB
MD5

f542606605fb369f92754d5bc9ead103
SHA1

c78018ae5a2c5c07e570c39b65065c1cbefd3a98
SHA256

506f4eda6582fddb8b0d21489f32477ae58aa56cb406ae4953ab2a698e62ae26
SHA512

e8196f9ae0f678bce5c5c016b41bdc4cab63e4aa27f4de4fc8138ea8c592471d2ef30afb6912232a1cfe9bf13e0d0791bfdb14a34d260485e46002b0ab82ac2d
SSDEEP

12288:33gNUdRviVOaceuiPWHR3VhKvKHtvzKL3Yz:33gNUrviVOrejKRSE27Yz

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3052	f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f542606605fb369f92754d5bc9ead103_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IM_B72F.tmp\instlangs.xml

Filesize
17KB

MD5
aa91818150cfadb667ae6f914d43dca0

SHA1
4411bd0038ccd464ed7597f0540cfe04867b9042

SHA256
2aa71646493cf47b38be0920488159b154eaf19193dc4a6ecfa0a6509196c7c5

SHA512
dd1310dc52bb6cc4977341dc34fb6a273e1349602a5fb3037e0b0d087b8f0d2d7a04e2db32e2708379758266c31422d27b5a35f5ba068cd7dbdd211b07893ecd

Download Submit
\Users\Admin\AppData\Local\Temp\IM_B72F.tmp\ActionEngine.dll

Filesize
977KB

MD5
7806d33221bf0e469edc2cdeb69528cf

SHA1
b3a947b2b431e1672f57fe427183d8a5b8a2ab62

SHA256
c81dfdd7c42b47bb513ca0091a26a9fd069b578536710aa77aa57c319dfbeaf6

SHA512
b935331ef37215a9428078b293de230d8455d4f78eaa2d4be2d9f1bdb8ff421b55595c6a6058e870c6b4ea7b4a8af161644d0faba3b911c7ab186ad42d87742b

Download Submit