bc1af5e58bcb412a72e59c142f5a255ba4474c4330e4cdcc6991821a1ec6f383

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe
Size

2.0MB
MD5

176b728c76d39e62bddb985852b935c1
SHA1

27d3ee25d0aa4deca74901cceaf7cbbfa7e1a760
SHA256

bc1af5e58bcb412a72e59c142f5a255ba4474c4330e4cdcc6991821a1ec6f383
SHA512

5f335d3ea2cf8d1d829254105b2996025446f30c5a84218932f90f28d1594dca30af606cb6dcfae57b488bb03c190f58c8d6971ca2ff53c8ae9bf37f926c68d5
SSDEEP

49152:SGOihkel4EbeJKIzj/N9zd33g4ccCALA6ng4VK0WscBLYbrCRawu8:SoCI4Rnzd3Q4zbFngsKjFsrQar8

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2260	176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe
2260	176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2260	176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\176b728c76d39e62bddb985852b935c1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstFFF3.tmp\option.ini

Filesize
2KB

MD5
38b44cc2d80093dd845807c078f85b35

SHA1
c5aed0b217f3b916610f6572335ca26a9e2d3a0d

SHA256
e01f83e4ef96dec969d448669a74246ea3decb2b76b7b905d04ff7774a110f80

SHA512
b89ca9905f35e8eca3e9fd44b0b7de3682a0da44b0af038427b46e9b396e9b5959587fd2f7fb765f663d0bd14a0094839d67fa3adc6b8d0bd79994297911a5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstFFF3.tmp\option.ini

Filesize
2KB

MD5
00357d98a31a7160892892ac301fd42a

SHA1
aa412b4eca866c49daa4e51779da27107e0ddd88

SHA256
6184e593a468a57a77170b88d22acda36e0e6dfcae96a30971f0c977671d0118

SHA512
bd2d3971b64730a9d1aee552795cf1e86fc0f72d6a6e041a0e5f24e12313c14b61429a95b0cb26163f77612eeddbb6ab4c1a9376bda167c0fee784388e9ea141

Download Submit
\Users\Admin\AppData\Local\Temp\nstFFF3.tmp\InstallOptions.dll

Filesize
15KB

MD5
828a94a3b9a080f79e84015b55fce227

SHA1
c15c615925bb72531ba32194253eefa49edaa93a

SHA256
1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2

SHA512
c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a

Download Submit
\Users\Admin\AppData\Local\Temp\nstFFF3.tmp\System.dll

Filesize
11KB

MD5
a82b0479708b96c7bf4dd6b798aedee0

SHA1
7e47b402848a86bdddd5f0de8bb4620471caaab0

SHA256
72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20

SHA512
02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58

Download Submit