7e8eb69adadb7337fa6a7b18c08b7d3f1ccef733157db636f23e5ec3603a2550

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe
Size

9.5MB
MD5

53141068f04ebf4cd8e5e83219b6e8a4
SHA1

2294061f9c946f4969b5eafa8c13f531ba78d782
SHA256

7e8eb69adadb7337fa6a7b18c08b7d3f1ccef733157db636f23e5ec3603a2550
SHA512

b95fd7d1e2b23ee994b5def27835333191b9c0bcc8f308e24e441af8e764a84d2638f2089ede5cab33b4e3986980cd8566899406f4c80a3d3b1fa180cbea345b
SSDEEP

196608:ZnCk2BFEh4VqvfZQlZRnk+q8VYqcu4SPCGrWVsXzNajFSb2ZkSsbFQYU:ZnpaEWAQZkgVP7KEWVsqFSYeKZ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1868	53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe
1868	53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe
1868	53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1868	53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\53141068f04ebf4cd8e5e83219b6e8a4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy8068.tmp\ioSpecial.ini

Filesize
678B

MD5
b510b791373ca539e7bbdbc367ccad3f

SHA1
f4020ace602cd19e0107f1e5f907b432ca269e74

SHA256
3b08ebeaccbb83119e53bf0bebcbdad6055a2bc72a040344d24c509bbb73706b

SHA512
c7423437d2a3345ace1f3fb211cd30a1e4b1f05922b37388e2da3d067ad41493871fa2624d5d23bd9e3b334c779f2bfce88e6d8a7ea8431e45e5d30220eb0f7c

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8068.tmp\InstallOptions.dll

Filesize
12KB

MD5
4c7d97d0786ff08b20d0e8315b5fc3cb

SHA1
bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

SHA256
75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

SHA512
f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8068.tmp\StartMenu.dll

Filesize
6KB

MD5
388c408cff35a38d04e3cda18f63af07

SHA1
9c2aa2ed8b526ace4267acbcf5648b2601019ac4

SHA256
4f945ad53b7aa8ed516b2f58c2ed9f15c13bbdf0e489d71c7347b80583cee5fd

SHA512
542292d61ff209f6c98c62ebad549024611a7d42fb951f8cc211b886f0d202d5e0da3b754c84c8a00043c748ed527351fc524357412cf88875e6bf729cbba46f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8068.tmp\System.dll

Filesize
9KB

MD5
e085476805e8f5ef1c7ed635c5309017

SHA1
609e79fdc29d6dee40cc5dd333094db5f9f63eec

SHA256
4eb689e2db8d683afcfffe6dee1985fbd458d2770093547331d563acece80c67

SHA512
082932aea8d993de8ca1eeb60f7bb4e56cc7eab4a683c59822b2c544223febab5915bb2b7c2e2dad79472bbd8ad400770dd7c1f112cef24d18ebd0f1ad63fe9f

Download Submit