Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
18-10-2024 03:03
Static task
static1
Behavioral task
behavioral1
Sample
552119df40ce08c7425c4d541323be95_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
552119df40ce08c7425c4d541323be95_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
552119df40ce08c7425c4d541323be95_JaffaCakes118.exe
-
Size
1.1MB
-
MD5
552119df40ce08c7425c4d541323be95
-
SHA1
1709ced57c3fa208329e57fcd3a6fc880ba42573
-
SHA256
90cdbe62492feb0513b1615b13a951e94bc0ef2b912d2ca13432b2f213100744
-
SHA512
46f9e1e7a9bb2bdff7cf69ab48bed025fa7524cfe2aa15b01372db0ee784a854a47d19cb1d2da8aa8c5fbf4348d92a2dd058911ccac4e63492ed49372beae3b6
-
SSDEEP
24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKeJ0xvXa4yK:7z6qaakjC+3srLAKB61bQd3KeaBa41
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2836 s.exe -
Loads dropped DLL 1 IoCs
pid Process 2708 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\qdujjjzf\s.exe 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2708 wrote to memory of 2836 2708 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe 31
PID 2708 wrote to memory of 2836 2708 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe 31
PID 2708 wrote to memory of 2836 2708 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe 31
PID 2708 wrote to memory of 2836 2708 552119df40ce08c7425c4d541323be95_JaffaCakes118.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\552119df40ce08c7425c4d541323be95_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\552119df40ce08c7425c4d541323be95_JaffaCakes118.exe"
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2708 -
C:\Program Files (x86)\qdujjjzf\s.exe "C:\Program Files (x86)\qdujjjzf\s.exe"
- Executes dropped EXE
PID:2836
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.2MB
MD5 11f9f023a21f0e0f69686820df3f5124
SHA1 a1f8c5b6f279158be3af60e9597971c2f9f9cf2e
SHA256 41bcc86e63fc744663b2aa9cf07e253f0bec9b2cb73911327be1efda5561ae81
SHA512 0688bff823d2abf74a2280beef21f9cc58a6b21ac54628988fce2ce55543250abf701abfd7a9c2e9c1e96112339bfc02f1e469ae29d6d1435a592cbb9bc1b352