198f7eb83aa9d79a27789738ff3bc9efb8d94762c18d615fcf5b02975155ca4f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe
Size

293KB
MD5

10a4ae6b1407803dc98b7b9671e77e40
SHA1

49d5af5323013ab1bbe2bb3d4223056324f05f62
SHA256

198f7eb83aa9d79a27789738ff3bc9efb8d94762c18d615fcf5b02975155ca4f
SHA512

e97a3667ebe3a24eacc9b2bc67a3665657af3a46651c7b95dc74a49d6f2d931566cc105e8e17084d3b50313c1e6ff0df20b1f8ec5591e974a312f42d3be71717
SSDEEP

6144:mQEn9aA+NXagZei5DtsUAIkhZIK5jEgVtdwFBnzsQP6A1J1EqGq:mQW9alagZp9ieNjnIgOa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2232	10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10a4ae6b1407803dc98b7b9671e77e40_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu014C4A9A.dll

Filesize
267KB

MD5
4caa3c536a356ebea65fcad0ebf2b602

SHA1
cecffbe181191154b280c9d5326d16aff2762b8e

SHA256
6d36225a8ed55a7f35d404e5fcf833126bd01f2e3fefbbf8548993c318ef02cf

SHA512
01d95f583124661f883183183616735f30d5211c07c3c743b0dae65f2221b83be9bb33049a1b111f24f13fc160756eecf37bd1fb83ce8525eb3038a0d5aa2aef

Download Submit
\Users\Admin\AppData\Local\Temp\{1A4670AB-AB0F-B907-5BEC-E32DC1A5525D}\_Setup.dll

Filesize
206KB

MD5
0c1b9e5f1a57dc793b7abd7e2d7324a7

SHA1
f1a7ea6f99b09c817cfa26d27522a89fd109fa25

SHA256
020d32aef741e6eff4c9672308bfbc0af9e38c75154a9d9d03f5091bcafb55de

SHA512
d05e5f488d473feb63dea32efdb2680d6b17173ffd9848c43e39a041ff4c4b9068b14e11cbad6e132e2e4d95dbea24ebc75d90cd4246016217b4b6b0e059f93e

Download Submit
\Users\Admin\AppData\Local\Temp\{1A4670AB-AB0F-B907-5BEC-E32DC1A5525D}\_Setupx.dll

Filesize
42KB

MD5
66e0d3cb3825b658880be576875795bc

SHA1
740982ce3b3e4bd08c1cbd5fc8cfeb982f1d4e05

SHA256
27b7921fbbd360bf77db65a50b2cd9a600e6baaaf77fd60eee74476d9fc6c7e0

SHA512
23873b2052f66d3b5961cfd5ca26d4d3f507cbd0317116e6b773d23defe47c164e1040fb56392f17cd2644528c64dfbfdeccc46e1965a650786414c8f8f74c7b

Download Submit