84ba766b1f292df812017d9c8549bd1026fbdd12b3eabe0e9ad491774f175ab8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-10-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe
Size

7.6MB
MD5

6b9d5ed62bf77ebcf1d9a4ce12eeef6f
SHA1

53943e0e880f48cb530838bc0e451dd7d378a5cb
SHA256

84ba766b1f292df812017d9c8549bd1026fbdd12b3eabe0e9ad491774f175ab8
SHA512

cde30092b8fc560351d9284cfc5f3c1dacc61875312562376adc7372c7b877f4c1598777610bcc7d55b1d20b33a58509a52141ba6aaf034e3297e7d6395356ee
SSDEEP

196608:aK4OnILxFKkKUrMlXDnR/CQkrKsYNFWVpCmE3/ot1yORC:ppiFKkv+LRKgj/W+me/s18

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2716	6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6b9d5ed62bf77ebcf1d9a4ce12eeef6f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse2869.tmp\ioSpecial.ini

Filesize
635B

MD5
4e4e47adac1eedcd0c8badfeb531aac2

SHA1
10d664cdf5db72105869ff826817e9934599d446

SHA256
f7a073492bd2a356e683b9d5f9d8c0e12da415bea255a05e4f4f39f6b1a5ca79

SHA512
3b03c19a10e6bbb4a1aa6919d1d659c06ee2ffe7f1f55e71c69e830c022361235d4380fbb7f18b2f145b76d438779201572cd7f96b049f41d0882e06b2f59f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2869.tmp\ioSpecial.ini

Filesize
648B

MD5
71f60bf99f6495220acf798b70541559

SHA1
c2226373c858d3d8ce69911663de4d27db9d6d30

SHA256
f704d28f3e9c52833f5ed21e6b8ef7d88a4adcf5f0731f4a2278387aebebea2d

SHA512
e8cdf43813310f9ffaeceb77b5f6247b304d6f443c68a683b8751892796deed1185203aee146bbcb826a94da7be39aefc73b7a4ddcd3da5987c7973f7cedfca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2869.tmp\ioSpecial.ini

Filesize
661B

MD5
0876db356b2a647cdaeeb19948412ece

SHA1
99ba8169a148a64c9ec35e53df38904182a02d8c

SHA256
80fe56e45bbf9521521ba7457b9e08b7c7385296d635392ac16fb0e16342c6f4

SHA512
168dc24582904e44786126d2b44bc7721f1ffa4159cef99f40318cec276abfc67a344b2c0cf641c79d7acf0193064ca2118b62f1568444c81ad8f5478059d978

Download Submit
\Users\Admin\AppData\Local\Temp\nse2869.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit