ca6f6ef58a3c935b1ea7393d7b52252946c294ab4dfd4f76c5349035184423f4

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 05:59

Target

1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe
Size

3.7MB
MD5

1ff51ff2a3233dd977ce4623942e4955
SHA1

ffdd8746174afd8adc02e668d083610de98f9c0c
SHA256

ca6f6ef58a3c935b1ea7393d7b52252946c294ab4dfd4f76c5349035184423f4
SHA512

5cb032fd01a29a32b34450376a8d7189764051bfdc24ec1ff88cc33fa96cb920813686eae374b53328805c3f73f26e25e48837d5997d0de1c7525d74ddcc5e75
SSDEEP

98304:QxE8o58YMu4wmSWqCF/HiozHPbTZLJoLjGSoE:QxE8g8PuIqCF/CodLGuNE

Score

7^/10

discovery

Loads dropped DLL 3 IoCs

Processes:

1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

pid process

2172 1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe
2172 1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

pid process

2172 1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ff51ff2a3233dd977ce4623942e4955_JaffaCakes118.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsoBE03.tmp\ButtonLinker.dll

Filesize
7KB

MD5
dd85ac7d85c92dd0e3cc17dfd4890f54

SHA1
a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

SHA256
27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

SHA512
e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

Download Submit
\Users\Admin\AppData\Local\Temp\nsoBE03.tmp\KillProcDLL.dll

Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
\Users\Admin\AppData\Local\Temp\nsoBE03.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
memory/2172-9-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/2172-20-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download