704125e6f1e6af4404e67508fa6ede727f457f8083bbe960fd0248cc6673c3ac

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe
Size

5.1MB
MD5

0be92678192ce14fd6e955862a38f79f
SHA1

5fa6f3daf422c13bda8ec1201bfa6be78703565f
SHA256

704125e6f1e6af4404e67508fa6ede727f457f8083bbe960fd0248cc6673c3ac
SHA512

9a90402b662a21ba11bf8ee20b6db08fcaa59a906ac9c0d8fc76c4b94fd8a2c107d677b1aa8ccb3a72b2a7dbdf20f54e1ed8a9ded0faaffb4db5d1a1c7b51020
SSDEEP

98304:K2KoM0JzE74N9inbyO7+nJR57k6fniijfYqHaxkC7aRIW:KIP1E74Cb/+l7k6fniibMxy

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3048	0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3048	0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0be92678192ce14fd6e955862a38f79f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoB887.tmp\ioSpecial.ini

Filesize
1KB

MD5
486c2d777af61535a3bde3686d02404a

SHA1
151dcd3bb2c3f761cd3a7da17d1d74603850525d

SHA256
16d3498ce791148c8158445d46e5ecf607ec9f9bf387e9750339df5a2575c2d2

SHA512
08ddb7f090f052938b64acc687b7a871fcdc8d7576b996404c2912e6892c87b0bf47a344051811b873fcd178f3ca8944129bd105cc8d381767020bb96f976b19

Download Submit
\Users\Admin\AppData\Local\Temp\nsoB887.tmp\InstallOptions.dll

Filesize
15KB

MD5
67d8f4d5acdb722e9cb7a99570b3ded1

SHA1
f4a729ba77332325ea4dbdeea98b579f501fd26f

SHA256
fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

SHA512
03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

Download Submit