b9ccc5812e4e5294b83be73fff04839a7f3254a55092c162141169e00a8ca1b8

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 16:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
Size

1.3MB
MD5

f67365068fd8e56d1c1eb4cb7fc01f53
SHA1

69f72f13d71d95cb1902d3a6f1f65eb42f5ebb4d
SHA256

b9ccc5812e4e5294b83be73fff04839a7f3254a55092c162141169e00a8ca1b8
SHA512

f675926ebe0ec1d4149f612f301a1d1573c3093938f198f58b6f49c071847d87b2ce2bb06c121a937981d0a3475b8aecc526c91ccf77889ba3a6701dd1253358
SSDEEP

24576:liOVZuFFHwtd8QnoUoyUlz9OLoZKXa7A:+iwjyy9tZ9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
2056	f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f67365068fd8e56d1c1eb4cb7fc01f53_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CCProxy.ini

Filesize
2KB

MD5
147d0db37bda740e725a5e75d616560f

SHA1
0b2a80570b02fd65f876f12a4e917561e2d79fd9

SHA256
edb08fc1f83cfe70d881706d3e8badbb90df1b6e8eb9aaa6b554110ed97e09dd

SHA512
3f2cadbacbc8b3f4c0a5da2cfe023b3cf7ba34799d1cdb6da03f7bfa0b9c0bf5b50acb44effbe2e810289347cc99bb5019388ddfb69d4efb556daf9812200639

Download Submit
memory/2056-0-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download
memory/2056-410-0x0000000000400000-0x0000000000549000-memory.dmp

Filesize
1.3MB

Download