b2ce0b9bb12e968b0e1f3e314f475e05d068af8c2238a9c6e728af147250b44f

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 07:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
Size

1.1MB
MD5

2cf2ca26880bf364e7ddad6fd051f5d5
SHA1

4e177b756525897dedc6b05613ab873b90a6302e
SHA256

b2ce0b9bb12e968b0e1f3e314f475e05d068af8c2238a9c6e728af147250b44f
SHA512

a91f7048f866aa5d3a42c9b829b48f26c6442764ec7722d4a3acd5e96e2d9fbea5a1a030fcf64cd11e4a6855981c3afdafd9d0459e62883123b9eea6ca32fe25
SSDEEP

24576:NM9ZKM1+Cmu5nM4XU0Aq7uz4bHt+zP/vPKK3zcOJww/JnxrO:a9obCmIMk3KUbHtqnrLwQxy

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
2232	2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2cf2ca26880bf364e7ddad6fd051f5d5_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\iext.fnr

Filesize
200KB

MD5
1b74df2213b76ccc335291b56c43b28d

SHA1
4fb84748e4666db7d14115478ce3b5b09e899352

SHA256
a5ad724456283e54a2a875d17d261ece50a1fb6d7e47f6ad4254cdfe0476a1fb

SHA512
e32580c7bf59a1a6bf3a8f691f68ec34a3b222086de4de3f65917901684f459059eb011961bd8751d982de7394193a4b992bfbc166534b34dbf3acacf81bc9b1

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
ee3a797098437b2aec7c5759988d8ad1

SHA1
82bc6988a86038c2fdb21d41440ae8dbeb58bd0e

SHA256
5b814c23cb2e96a7cb813a6a199dda66716ed4362291f2cd922ed1ba2ecc71cc

SHA512
571d859d48a72d429a7894d64d5abff209b2d55f3b2f1ed39ef5c5ff869164ad966df835ac270fd4e731a92d50321fa524db5b15d8d4b08bfa5848dfa47c9582

Download Submit
memory/2232-0-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/2232-6-0x0000000001CA0000-0x0000000001CE0000-memory.dmp

Filesize
256KB

Download
memory/2232-9-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download