a44cd5b5b0e138700db49ed1d586284eeeb5cf3bff7891f99accc8d8ed734b4b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe
Size

4.6MB
MD5

f9baa184c52510d96fda63adc0c00fce
SHA1

4fec8f7a6fc1ec51bee6cde75f686cf029931e25
SHA256

a44cd5b5b0e138700db49ed1d586284eeeb5cf3bff7891f99accc8d8ed734b4b
SHA512

5da660b5dc5c8974a515d3d35399c5cb9ec8ab6424d2f488b6f06a8e9999a6ef1dc3cd89d6931eee1a4c92843b8a1523d62540bb4c08f6510980538b6952e287
SSDEEP

98304:caBnXmTjJ5qFx243PYUbONjT/ataWoNZBUdq5:xn4J5q3FYU0//ataXzidq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2276	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe
2276	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2276	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2276	2104	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2276	2104	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2276	2104	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe	30
PID 2104 wrote to memory of 2276	2104	f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\f9baa184c52510d96fda63adc0c00fce_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21042\base_library.zip

Filesize
767KB

MD5
95462c19093be4bf7cd078bdcb4f07fd

SHA1
388c80414a9ef8543900cc35acfac14a48f184e6

SHA256
674af4c70be57098bf47d813ac361fd806a0d4b3066e36d8d8c6830fde8419d9

SHA512
81aa79a855815e81520e629fe3d9751b024e0d3eb6af41e3638149f1ad5dcdc1b6073a766adead065ca16aa8a435399b7f94947e1506df59ae1c8d32bcb53fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\python37.dll

Filesize
3.4MB

MD5
c66cff63d88f6e9dd4d8e12263a928b5

SHA1
95c617965db8d8ddb76c2775a2441d1609605162

SHA256
1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718

SHA512
993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21042\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit