ef14f6b33988f3c1684074f4c6189491300224b979e6af30fabca67f56d0131a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 18:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe
Size

242KB
MD5

1000e1755c79cfc70a5b5d9cd7718d8e
SHA1

2179f2f2a52c992a5645703cc1494c0f3821de05
SHA256

ef14f6b33988f3c1684074f4c6189491300224b979e6af30fabca67f56d0131a
SHA512

2e5bfe7e31fc205434436c3cab880318e2cb88d223bd9d9b7e1cc4663617c055411834f22d94f45ec1f13452c5f7a68d74d17e46d07de8554634f9bd69c5b7ee
SSDEEP

6144:6V4KpQ0ZNZ8QMgOAFqUu7FqQACexn8mYBmx5a0IB+9n:6VjZNZlOyqB7szC4Imx1s+9n

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2232	1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe
2232	1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe
2232	1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2232	1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1000e1755c79cfc70a5b5d9cd7718d8e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\InstallMate\1F1C03B6\cfg\1.zip

Filesize
161B

MD5
4e362f000c7bb3f89786de8a97f4a922

SHA1
86241ca3746960e58266a4eb59da0ddcd33bcf08

SHA256
18f362b309eb00e2f7fde9467271d1bf2c6273aa879eb50bbec7c7969a9b367a

SHA512
bedea94caa11d447b903c580735d02d39d508d1ed05c0e571a5257480ab5748ac5d55daaad47bb6a13419c16c5323105cf036690c0f99f03d30117aa0bf24902

Download Submit
\Users\Admin\AppData\Local\Temp\1F1C03B6\_Setup.dll

Filesize
117KB

MD5
1c28622dac4f2c0bdbcf4237e3f25b9c

SHA1
9ce1a210c89494decbedcd3f8745cb0b3cbaeb64

SHA256
2d2822ef07899681d72ff8cb8db9607cec77ff12aeb4635c95a4f45457daa1ce

SHA512
c123efd18ba0164fbffa19d682c3b58c6498b7019e943447c2cda7e6046e85b34dcbbcc3ec159fd2ac2f4d546786ffe830fe7ed9f4fd7c71c304831af40a0392

Download Submit
\Users\Admin\AppData\Local\Temp\1F1C03B6\_Setupx.dll

Filesize
20KB

MD5
6ddd743e090ba0a5f5106f54fd92a45d

SHA1
86c6ffbe1198563457bb79a731b1b8deb7b9f480

SHA256
0b0566e8b68a1d1b28a11c9868705a4c72ec8619a3749346b30169cf16b0e9d1

SHA512
966644b1e08fdeb2623f70e9f77793868758531c9d606bb2ee452ea469ab1d1c159495c7022d9abc5bd3e67468fc3c3559b2991022fb9a7335cb80b6e41ee597

Download Submit
\Users\Admin\AppData\Local\Temp\Tsu-08B8.dll

Filesize
246KB

MD5
e671c2b76207304be7b9b601ea91773c

SHA1
1e801677f242467cecb3a4fa148a9acf6485c49b

SHA256
3cf077afb7ff0d7f7e9c7039c05c2d19c50d50941a73f4245093856ca8d2405f

SHA512
e2b7821b3fad3f24f644a75f7edee5bda4eae70a5ec6a9bb33bc52d5704bae77b81ef222ce65292ddc29a2a2322f81fb4ed9f74e730b8f9366b083717be94026

Download Submit