5291fb2dccffb4c1092763e34e38df7f6e7bdc145fa1abb883b79848ab4b4163

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe
Size

359KB
MD5

457d7c9278a70af2bbb69ea1834c10ea
SHA1

ce63667ab3039026051dedbd72e4239252562eb2
SHA256

5291fb2dccffb4c1092763e34e38df7f6e7bdc145fa1abb883b79848ab4b4163
SHA512

ef10830c37835e2f57683ed7ba87fa41db060469c9e10554de9cf6cd55b119883ccaa0a24f077ba8c5fecd636ffff2545ff023d719138afb5307bb7a96fe65e2
SSDEEP

6144:E7l12U1csNzbGkVQoM4cMQwzwvKHHNcvhpFA6HNKMPpQpvGImG12Sv9bx:E7l12U1hPq2AwzwyHHWv3FA6HN7PcO1M

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2112	457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe

Modifies registry class 2 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E4AA-752C-DCC5-F9DF-F4538EF32344} \data = "4430cfcb98624d19a1bee47499ba39ea"	457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E4AA-752C-DCC5-F9DF-F4538EF32344}	457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\457d7c9278a70af2bbb69ea1834c10ea_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\OICA8EC.tmp

Filesize
817KB

MD5
0681152b9ab82a9e861837834a70cf3b

SHA1
8ebb21d03921b00de990760f7fa7f08de689ab06

SHA256
ce5e2b2ce1349a21d498a31a86e8421becd2e86d9327d6466a9f711b9577ddbf

SHA512
4f3d5fed8f8cadfe17ae32a18b11c03fb340e93cff6fe327c388442cde9487d599b3cdf794c2cf1660fbc62257661125ce3b772b2d0b6703b293d20ee54b4364

Download Submit