52ed0bbd431147ec739f7b72a98986427b92514c60e145032190be51af883add

Analysis

max time kernel
145s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe
Size

324KB
MD5

fe3a11b3a1498562e823ab572b107b4f
SHA1

2eda010295cfdc973d609fa73e4fbb0727533cef
SHA256

52ed0bbd431147ec739f7b72a98986427b92514c60e145032190be51af883add
SHA512

7835203fb541ead0c63a0e0860abf734e797ffbaa8980b711c11c980cc3a7b0c5cbc5fdec8e3cf40c12732e64bb136c7ead25f89d520db7305eacc062fd3de37
SSDEEP

6144:fDS3rZRhI966AGkAjOpoaY7DB5QPDA7UbamnY:rS3Fq6xGJOpqUPDA7Umx

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2604	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2204	wtix.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wtix.exe	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wtix.exe	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wtix.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2604	2972	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe	32
PID 2972 wrote to memory of 2604	2972	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe	32
PID 2972 wrote to memory of 2604	2972	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe	32
PID 2972 wrote to memory of 2604	2972	fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe3a11b3a1498562e823ab572b107b4f_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\delmeexe.bat
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2604

C:\Windows\SysWOW64\wtix.exe
C:\Windows\SysWOW64\wtix.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delmeexe.bat

Filesize
235B

MD5
c396aba7ee8457744052d5503196eeda

SHA1
b5ce7055cd104ed5b713630884fb52e48afd93e9

SHA256
7733917beda88431505248453a3af424928b56c72373de0fe47af5876bda96e9

SHA512
ccdd66b6748eacd97a533f745ef444792429aaf1ca35b0001550ff82cc1056e8d9cfb8bd88c7d8886e4d0b070226541e9d5554f48f55f297569e0abdd7734d44

Download Submit
C:\Windows\SysWOW64\wtix.exe

Filesize
324KB

MD5
fe3a11b3a1498562e823ab572b107b4f

SHA1
2eda010295cfdc973d609fa73e4fbb0727533cef

SHA256
52ed0bbd431147ec739f7b72a98986427b92514c60e145032190be51af883add

SHA512
7835203fb541ead0c63a0e0860abf734e797ffbaa8980b711c11c980cc3a7b0c5cbc5fdec8e3cf40c12732e64bb136c7ead25f89d520db7305eacc062fd3de37

Download Submit
memory/2204-73-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-84-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-85-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-97-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-96-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-95-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-94-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-92-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-91-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-90-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-89-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-88-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-87-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2204-86-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2972-50-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-39-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-71-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-70-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-69-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-68-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-67-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-66-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-65-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-64-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-63-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-62-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-61-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-60-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-59-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-58-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-57-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-56-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-55-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-54-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-53-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-52-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-82-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2972-51-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-32-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-49-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-48-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-47-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-46-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-45-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-40-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-72-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-38-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-37-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-36-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-31-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-30-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-29-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-35-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-34-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-28-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-27-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-26-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-25-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-24-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-23-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-22-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-21-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-20-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-19-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-18-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-14-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-15-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-4-0x0000000000280000-0x00000000002DA000-memory.dmp

Filesize
360KB

Download
memory/2972-5-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2972-6-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2972-7-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2972-8-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2972-9-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2972-10-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2972-11-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-0-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2972-17-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download
memory/2972-16-0x0000000003020000-0x0000000003120000-memory.dmp

Filesize
1024KB

Download