19991ac1ecf67e91f77375904631add4428882fc71a67833f015dc2a63c8ed0c

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

015f45d36a587f712f8477832b65276e_JaffaCakes118.exe
Size

82KB
MD5

015f45d36a587f712f8477832b65276e
SHA1

5c13aef9070d10c7510a3f9caa873f0353c1fd81
SHA256

19991ac1ecf67e91f77375904631add4428882fc71a67833f015dc2a63c8ed0c
SHA512

3a6fb14ba1fbcbc7f8152307989fdd12eeb3e452f62ae7bd2ddf5d38992d5de885892a99265ef486433b6d5377e38f49e750dad6ed8a766ffec853315e7ad728
SSDEEP

1536:F/gKlq/IESa2500HJRhMoDfRXhAD8GWkk+HXv8x7Siq76qCpes86tuyGRXgq4:plGOW0pRhBfthAIAk+/8x+n76queCGG

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2840	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2840	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe
2840	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2840	1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe	32
PID 1940 wrote to memory of 2840	1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe	32
PID 1940 wrote to memory of 2840	1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe	32
PID 1940 wrote to memory of 2840	1940	015f45d36a587f712f8477832b65276e_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\015f45d36a587f712f8477832b65276e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\015f45d36a587f712f8477832b65276e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\015f45d36a587f712f8477832b65276e_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\015f45d36a587f712f8477832b65276e_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\015f45d36a587f712f8477832b65276e_JaffaCakes118.exe

Filesize
82KB

MD5
d831be4f7ab6904bfebe6d6cc4b15e9a

SHA1
71933b6f73bdb626d97a14682195eb5f7c95b700

SHA256
a6d25e513fbeb0508e50ce43344d12f02d27684fcdb4dd2a2187bd7d5ef09dfb

SHA512
01b317daf4243c84519d8d264413a01e87fa7320ac3b1e19cbc4fb48aa9af609e5497a3f2cbe97437f0b8036d825db363cd36fc009f4947d699bd771fefd20a0

Download Submit
memory/1940-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1940-1-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/1940-3-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1940-17-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/1940-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2840-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2840-19-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2840-30-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/2840-25-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2840-31-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download