795a0aa43aa2cd69dd291a207a3efe3c7b6a931afcff44ba12af1111ef17e1b3

Analysis

max time kernel
149s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe
Size

500KB
MD5

54a68481a29ca999f530ea87d50e2eec
SHA1

4967cca683caa74f15c5220626337f0a2414402b
SHA256

795a0aa43aa2cd69dd291a207a3efe3c7b6a931afcff44ba12af1111ef17e1b3
SHA512

73c85e60d56e8c3b96169ca4086d2d172ff346276bfd8ff2997b491f0e348fbc786f161704e2781f57388afe081a06774d1f7fe3493429f578e434865a0e95a1
SSDEEP

12288:jaO5Rrwax3aWfvGeGylAlqlFtnXv1eCwBpD7OhE:jaO5fZ2eGylVt2tChE

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
612	54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3B8A9A0-5B5E-D122-C1A1-B56343DEA5E9}	54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3B8A9A0-5B5E-D122-C1A1-B56343DEA5E9} \data = "64c6e0c2cbcc4202aaf43dcbb4fa3160"	54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\54a68481a29ca999f530ea87d50e2eec_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\OICE936.tmp

Filesize
894KB

MD5
8a94f3ec71f0510dc33e905320ffec56

SHA1
0d1475febe4f1d32538caa28e4848d1fff80f4af

SHA256
1c17624c3ed26d40ce8956b5030c11d740ee8f244dc292a9714e106e9f748e47

SHA512
b7869b21300c25f09221b4a6d6121e45d1168b140f7404d5b1c915192e426ced85a5ceab04f0af1470a9b53d59964c0636894c7702574e661ddb52384159e796

Download Submit