36a6bd14c468207bad218c223b40c0ee6c4120a529f96bfd9c8c868d235ee85e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe
Size

2.4MB
MD5

fd467ed77f83283caf0c971e108c28fd
SHA1

88bda05eec93affc4e1dd2195d4f2c802b72777f
SHA256

36a6bd14c468207bad218c223b40c0ee6c4120a529f96bfd9c8c868d235ee85e
SHA512

cf566edfcb4a92ab2e20aec1a525ce0466850df4d09b625d688f592e9777ff89ee3d4d7214536ef355cf3a90f70853e37ab022d93c0572a9bd6136da40a4fcb0
SSDEEP

49152:7nO2w4q0WVtx2LeFKSFmDNAdlHk1JFjcXLFFl0c9sGNZebsgC/:idndx1FKSqAbk5AxrT9scysR

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2380	fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2380	fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd467ed77f83283caf0c971e108c28fd_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso7F8E.tmp\ioSpecial.ini

Filesize
1KB

MD5
65b537810dfed09850719e24077a85d3

SHA1
e9b5f9d8c73ef4a700d2a32e81e1486396f809c5

SHA256
2bb4e45aaf6bd4c52d5708875f8111894cdae6fc5ea803aac3af3dd595456f30

SHA512
dccfb35317673abb37ebb76b5753861198a970014fe3aaa4ccb3aceeb34aefaeaab22ed3617c7bab44ce0005f4ab6187eba1a34f4630c7d6fab9e9e4d2f9b7bc

Download Submit
\Users\Admin\AppData\Local\Temp\nso7F8E.tmp\InstallOptions.dll

Filesize
12KB

MD5
4c7d97d0786ff08b20d0e8315b5fc3cb

SHA1
bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

SHA256
75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

SHA512
f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

Download Submit