c4bafdcf1f2f9593812c96e27591a3c988eabd1ec9d45337c394de86aafdaf71

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe
Size

3.2MB
MD5

171f66ba3c071dbe1126d5f5fc3b6013
SHA1

afb5ff236c336566d6750fbd7f3c9e7150ce1675
SHA256

c4bafdcf1f2f9593812c96e27591a3c988eabd1ec9d45337c394de86aafdaf71
SHA512

9b61131a404526e9591e2bf5104bc862e902aef65fea974781a6c0c202bf2ef9b903685a8688ef5eab8e1c1f42caf6fd56c160a7c5a2c48c685b01ff2b411a0b
SSDEEP

49152:VVAzmH9S9Q2T5Xnt1fOzs+t0eoAixHz7XbGhx6ASn1u/ODPSO34xH4SQnK6z9:a9fnt1Yz0GilzfU69c/KSOIxYSQd9

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2024	171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\171f66ba3c071dbe1126d5f5fc3b6013_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyDE8E.tmp\ioSpecial.ini

Filesize
643B

MD5
1e632123f8d5aae759c3079d6b597e8d

SHA1
453fe896bcfc1f6607c4e3cd63fd0653b108e7fb

SHA256
a7afe723bae425b4d35d7fed248945fab76064c1e6d95ba71cc8f1cddf4f8fba

SHA512
944bd37737f30f409d2781544f8f1652e5f3963e6f8e85e6535104188093009af8569cc54497864a62d2ca51f58d1d97343c8c0007a37e542f0df0c6cdc8b115

Download Submit
\Users\Admin\AppData\Local\Temp\nsyDE8E.tmp\InstallOptions.dll

Filesize
14KB

MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781

SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

Download Submit