0ed5b5d8bf9dd326ca69f99e72eef72a023cf4da2f1d79f340d8dfd299f9abf3

Analysis

max time kernel
102s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe
Size

817KB
MD5

12e4e35e15029136098c3cfffb462907
SHA1

ecb73314e4646bf82699e50464edc291e9796754
SHA256

0ed5b5d8bf9dd326ca69f99e72eef72a023cf4da2f1d79f340d8dfd299f9abf3
SHA512

d1a90250d3b0c7f1dc96d6e4d0a62b07d5a318786337eb57247dd5d1eb985204da08b4b8b1b069dc0eabf9cefa182db90745ea13df5af4b2c42942561fbd27d2
SSDEEP

24576:+InWUcU0lOpmQGprMQ2kn+PVIcHGGopvsFuUn:+fhonG3g7HmpLa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
880	12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe
880	12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe
880	12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
880	12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\12e4e35e15029136098c3cfffb462907_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsz5E38.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
\Users\Admin\AppData\Local\Temp\nsz5E38.tmp\NSISArray.dll

Filesize
18KB

MD5
c4279b957d4dc593074479bc088b74c1

SHA1
53de3c1bb13a19a0ae19d9db5cbef1b919520f83

SHA256
b279c82b7e6f6bf652c5b5440c20f01d522f6e8d3c79b72076e18796166316f6

SHA512
c1746122489ceb6c3af6c535beccd8d9d853c53dcb41274f122c43bc0ea5f9fe83873218e22d9c69a39f83ed54e7d5b8b9ab0adefaec23cf5d8c3a51438688c5

Download Submit
\Users\Admin\AppData\Local\Temp\nsz5E38.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit