Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
04/10/2024, 17:33
General
-
Target
144cb2feb069ec8e449fac34727887ee_JaffaCakes118.exe
-
Size
92KB
-
MD5
144cb2feb069ec8e449fac34727887ee
-
SHA1
404fe12a2f3c7160bfd9f1a8f973a681f9e5ea86
-
SHA256
e15f94f407749d17af0b5c84c5fb291b0e6b8ed8b80e0f50baeb9a5d79f8195b
-
SHA512
c79a7ea2510535614db638ba462e4026dcf5f8bedabc2e2cd2446d47ab4c48cee4f63406c29f14195cf1527cf1b116c5c1133de5bad078ca76adad203bdf5425
-
SSDEEP
1536:qHOyg0E+vOxt0c5hfHP1qlmv60lHj4UraTPVPSPkP4PjPAkbohaWdV7lObdEZxHu:7yDXA0c5Olmv60l3LbohaMAuwiNCP7J
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\144cb2feb069ec8e449fac34727887ee_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\144cb2feb069ec8e449fac34727887ee_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\baeeq.exe"C:\Users\Admin\baeeq.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5842571366bc1f2baa4b73caf3b637573
SHA1329cd111e1066d712cb18d7800f32dba317cc5b5
SHA2561fa73cf2a9195efdc51a94157431593ae577f48890d812ff568cd7b670b54eed
SHA512349898310e77009bbf5dafc0df8796d0563de4b5c3cbf2f11e8d1ccbef48d93459fbc852a28a4d86e181e0d0fb716166e4706a6073aabe6d8a2165ce3b9f7a0e