Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
25/09/2024, 08:08 UTC
Static task
static1
Behavioral task
behavioral1
Sample
f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe
-
Size
66KB
-
MD5
f590cf151f3fc21582fd30c93b52b011
-
SHA1
ef3b08eafae38ec7389917e6266630ecf78ac19d
-
SHA256
1bc6d18d8aa2820b2b81aa57be41d0d6b686bdd50e1404f826e12c7e480019b4
-
SHA512
9f4a1891dc53659be47eda1d0da041a51b0f6ca3a4d5fe3d9d6c433e3a1c51f178d9b6bf4fbb518b64f761a44c645c8315bcdae282fb652026a68318b4e33db8
-
SSDEEP
1536:JuTsyt2btMlMvdQo6jnID7luJz+7vnjgj9fkUh:wFqveDsIB+7vnjkk2
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2360 cmd.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2396 f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2396 wrote to memory of 2360 2396 f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe 30 PID 2396 wrote to memory of 2360 2396 f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe 30 PID 2396 wrote to memory of 2360 2396 f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe 30 PID 2396 wrote to memory of 2360 2396 f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f590cf151f3fc21582fd30c93b52b011_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\259436901.bat" "2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
PID:2360
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
203B
MD55743b201ef02e2db00bd8c38c408dd4b
SHA1943690a8d4ccc2a80c04dcdd456bfd5dd5069cb3
SHA2569ecac1351ae953bfbcbc643d5cf32bb287da64cef26a0c7b45e7b5aacd62d616
SHA512bae3f22379faf41ac5307c7d2e9e10c794e963c62de486b1352fb044fa085d7e84dda3ce4f3074b4c4fb2db0796ebd29dbd7f50644cdb23eaccf21dd267ba2a2