d00b0485cd930a9e3f614cffa13eec30e69bb612d2f958994095b360388db6b0

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe
Size

2.2MB
MD5

fdaede1610502bdb0f9edb369f204b00
SHA1

41ec8f8823b7d572dfe2e5db3abbf7016cb52ea1
SHA256

d00b0485cd930a9e3f614cffa13eec30e69bb612d2f958994095b360388db6b0
SHA512

ab82ac2f6fbf57db4a9f99138013695f44c3f95bc68336a3cd73ce995029ba73c861f0f2eed82929515ca9f816550a742ac5ca81d4cb89124cde47825c146fa0
SSDEEP

24576:cmlKZSKV1990dRJ5QOFwtNsOjnQvmr1YW+G7mIY6ChGHsyv3p+Y4WIrA/sQdLEYe:cmgdO6AOcOrbC5AVi1vY6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2720	fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2720	fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe
2720	fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fdaede1610502bdb0f9edb369f204b00_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\gm_ttt_64018\D3DX8.dll

Filesize
484KB

MD5
74529599302a2e09c30b1e119a0709f2

SHA1
5990f60194ecafaf43340e44657d224f8d5682eb

SHA256
edfc5f86be36c2c509e4ad6ba3742bb5b2429a56de805a99771e24fec62b076a

SHA512
25d1c2bc15f5d20f3d69a2c20727e4e2cbb7086aa18ec535eea2a5766302b031c12b9139467b717537300e1497102b387dcc3f53ca5ff11f5301de672efe4b07

Download Submit
memory/2720-0-0x0000000077800000-0x00000000779A9000-memory.dmp

Filesize
1.7MB

Download
memory/2720-5-0x0000000000400000-0x0000000000766000-memory.dmp

Filesize
3.4MB

Download