11fe9bb3685c4c64446ce6237b5fd7d30abe7c1f031885175a86d9c93c20a6d5

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe
Size

258KB
MD5

fff78250f2d27a402e9e55744b5b49f4
SHA1

19777fc3258c4ad5db39613fe5fead145f998cfd
SHA256

11fe9bb3685c4c64446ce6237b5fd7d30abe7c1f031885175a86d9c93c20a6d5
SHA512

509161b173a5f0128a94669638b1d314138accbfd4c8683c97b83887379949a3edd84d047af7073b5d935ac91ac70095db7d07ce4e322ca38a04202682e5513f
SSDEEP

6144:K3xFQXwb+GtmvcRdlLKmRMnQ7GKkO0XgMWuQG/2CIYp1H5:K3jb+GRdencGK0R5Ie1Z

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2220	fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe
2220	fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe
2220	fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2220	fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fff78250f2d27a402e9e55744b5b49f4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\674C77B1\_Setup.dll

Filesize
128KB

MD5
dfc2848fe57982dce76d1631f32df4eb

SHA1
bcf875356d3c0801fa344999300f0e63e19368d2

SHA256
f7d6de806111208fdfbda305a0aa6c356618d072868aef7089a8f2b106495ed6

SHA512
78be702857660f9828d27fe387d2afdb3530996c1541c28451c14a839405ff715d7810e3a24d6307166079dc2009a6dceadc44bead24fe478acb576712287c65

Download Submit
\Users\Admin\AppData\Local\Temp\674C77B1\_Setupx.dll

Filesize
24KB

MD5
310c79744ada5c5e5ca4afa5c884c505

SHA1
bc9ce858290b9a8c53905473e352d2ada279d4e2

SHA256
4777f060dbb455c1923c4b93c9d646e670f9bc717d348230b0ddcf6bc440802a

SHA512
7eb860829c02614c6e9c031049bf0c0312433042a4b5476a23bd2cdbd4d810690e25bc2305672d644caf8450f699eebc6109c4ebbaf0cd78b83183bc8fd600f7

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-08AC.dll

Filesize
249KB

MD5
c147e4237b78ecd1804e8ed89aec3c5c

SHA1
74f7a58bc08794ec138205b18640ef487cea2d5d

SHA256
e0798d55f6f58944c03c739416b80794fc7b896a58f360d56ce40c84634c8511

SHA512
02f8730a8169f6029e80e5d79c1656e3d73838cde16ee137d7b764f5c725e8888f4ea81023c97e036b4fc262c679efe1fef66290e9028b631ca5b73efa4561a0

Download Submit