Analysis
max time kernel: 144s
max time network: 124s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 01-10-2024 22:08
Static task: static1
Behavioral task: behavioral1
  Sample: 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
Size: 672KB
MD5: 079e8ee8b682f119ee474a96d36d524d
SHA1: 52549950bcb997bd2a6f13fbb1018b8f65d2375a
SHA256: f2b5833e96eee299b284c2340463ece207b1490f4cf75457d041e22d37eed92a
SHA512: 3084286b7606809b75ad9eb5ba3e5623476b6b998d35631112d83f4d777a35320251bb38e5da6421a050bd920d995c462aae8f3a3ccb112a0221647feac554b6
SSDEEP: 12288:9s9LnUauV0BIfsgVjU7424qnGgYi5WGJZPP7BHigTsv+BJLfw:6RrIUwj0/7WGJZPzBCgTvBBw
Malware Config
Signatures
Loads dropped DLL (2 IoCs)
  pid 2808  process 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
  pid 2808  process 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process: 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2808  process 079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe (PID 2808)
  command line: "C:\Users\Admin\AppData\Local\Temp\079e8ee8b682f119ee474a96d36d524d_JaffaCakes118.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads