7c0f8e812eb1bc8bf80cb3a55a72adfc50eef194e7ca6ab0005bf3459866849f

Analysis

max time kernel
144s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
Size

1.9MB
MD5

3aab6dca6d0372c1a130ebd5ce5d2816
SHA1

52ca1fe9887b90e506094c7d4393be0e68df2645
SHA256

7c0f8e812eb1bc8bf80cb3a55a72adfc50eef194e7ca6ab0005bf3459866849f
SHA512

9fe0a15ca99984e091f459279f443400fe5d98e9647bec9a937afa0700286b6bf12cd0372c162a2263fb790f8027248c9f1611d1f380a94a2486c882829a821d
SSDEEP

49152:khVSi9qvkUFw+zOn/2eN6ts/f7qIHuDJKAQV4bWNnVP:gMsUFw+CnOeNLqIO13cP

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2196	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
2196	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
2196	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3aab6dca6d0372c1a130ebd5ce5d2816_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\StartMenu.ini

Filesize
697B

MD5
2ab5db2dafd6803432afbdc0fc5a509d

SHA1
d920d7112b518abb73ad6750e3338d1449cfbae8

SHA256
ad10b519669ce6a3c96e56115461e119a438cef5e2df82895b309bcc23b03485

SHA512
630fb283359935c51147ffa34788195fccbce611cd66f6ae342c5386de7eda6dffa192c80a0a8f30e8cee6605f89f0760307179e616be8dcd363e804dee3c8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\StartMenu.ini

Filesize
697B

MD5
abacfa46bc89b11da40932026e849742

SHA1
66bf9312b981f28e181661cdfc2e2af4e76b558d

SHA256
2f2c3cae4ae7065de813cf8500ce57f3f17594411a7a50f2c312fe9689ca82a6

SHA512
a8687ef1498f6909c98b0d6f7ae1b8ac974927393c701460a7b058077d56a3c40a7d275695ed4864519db99952ce41bca6bf45ca0f5d2e92fde149a5666f50a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\StartMenu.ini

Filesize
679B

MD5
4609eec4abb80880a7688f80e433b3bf

SHA1
71dfe1a7f02ae03b66e92d7bd7774ba40a046904

SHA256
5ebbdd026588d75f7f7ccba371b03cc8a7cda0aa23ef45892bf1575a5218099b

SHA512
0999f456a09b19f21b4613cb44a1ad4ebc9a5d8fc5c7a836678889c5e317548709dc7cffa17f51a55eb08668c9b15f8370923731b66a33e52b99d7978596f8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\StartMenu.ini

Filesize
679B

MD5
d4c9489b93e60e5717e62928e84c4132

SHA1
34eaec14f94fbb7f9114b445aba61fc775d1200d

SHA256
97592d1d28b03e8600ce9318f7f16060ece26ce24f0637d3dd3a70349feec991

SHA512
2de9cd960d32ba3c7d547843421a0492be2c03973626697915962007860ffdd54f8daa1db9220e3c84c3cf51abc1befd8ed54cff8a0af26b4e5c65d7cbd33acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\StartMenu.ini

Filesize
601B

MD5
5780eab1b791e4f037e3af3d5fdc8de2

SHA1
08601d472826db0d86dbbebf3bdfe9bc25af9288

SHA256
9032751ce4f7ef8a70fac52aed1548b0048188afd4f7e92603750b56c4649f5e

SHA512
9f2f81b3d739d87103f4314eb1eb11a22b6dd3f921bf948323d29718f1dd53c017e72c1175f713ab9738196343ed0a1c46751a7a9c450ed4a8d32949dc6c2289

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\header.bmp

Filesize
282B

MD5
15d1d76385ea28d20fd014a7668e2634

SHA1
8e11dd1df693932946ac9ee9b62dfd1908e6d49b

SHA256
9b6c0898883df9a014409da94e9f3bea6f197a2270afdb908a968f7bdfe01130

SHA512
701057d1f754a37fbad91b2c25a9318ed60d930b20f0f006c1796204fe724ef41bdf8e9b91481a9300b0c0f36f00391c4ff1763b468fdfd3ac317cf784b4b0f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3554.tmp\isWelcome.ini

Filesize
569B

MD5
c3c532717295229afccff475e63468ae

SHA1
fbe923ba240e5821b51c7d9140e528defddba7aa

SHA256
48bb7fc02f71b034ab39010687eae679020ae748647502c21d69e91dab37f3a3

SHA512
c64a7252a362a7514902d8730c5a304e50a8dad2346f4cf065da0b74bef8c72a171ffe6722432912bf304dbceadc3da85cb49559e57049d72a0c3475cabba7f7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3554.tmp\InstallOptions.dll

Filesize
14KB

MD5
9b2ad0546fd834c01a3bdcbfbc95da7d

SHA1
4f92f5a6b269d969ba3340f1c1978d337992a62c

SHA256
7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

SHA512
5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsj3554.tmp\NSISArray.dll

Filesize
17KB

MD5
eafc4eb07d5527b374aa667ed663769e

SHA1
3ce4716bf95f4ee79c7ce8e8b57fc0e620c18fb8

SHA256
40800fc71777c8d4da8013ee9bccdba0dbca87aa064e188937aa565a10d859fe

SHA512
de2fbbf162ddabf4b7a854eaa9332a6277d7290f831355a11378934508bcd98504fbebb2a4aa74f59979966abc03dd06c451ba96c447b0eed47dd4cc62b7338d

Download Submit