daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe
Size

1.6MB
MD5

916c6a32602001110ea3aaa636c6a682
SHA1

450fa1e20fc55b48bb6d268d133a9298353e3c0b
SHA256

daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801
SHA512

74c5f24589cd2541df5ac0297746d35346ba342992315697fad6838a9fd67f5adb921304d570a57e01278aae7da5d6767df5533b140e15f9c0e44cb7dc02e642
SSDEEP

49152:+OL1JKKG61fEFTd6tpWIk0tOTjAXOgfQ1ZAejAHU:RAO2FuwIkBI+rU6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

pid process

2888 916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

pid	process
2888	916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\916c6a32602001110ea3aaa636c6a682_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst626D.tmp\ioSpecial.ini

Filesize
720B

MD5
40833488324944513eb47f8123eddf24

SHA1
cca95f2a866327189d7bece76257ef823aaccd18

SHA256
b0a8864e9669330941692101d116aabc3dcf4ec17ccfa2c3362b38be8b284654

SHA512
23efb95a2d98a63098c638cdda6787f6ccbd86791a6c790cc12d856a8449ddbe084af9cd70c84a32372cef3b6faca59bd0921b41af7e32f88df14e0a7561eb0b

Download Submit
\Users\Admin\AppData\Local\Temp\nst626D.tmp\InstallOptions.dll

Filesize
14KB

MD5
79be350c8381293abb045bbd2a7b5f0a

SHA1
0b4e6d482cae461e36c2b47661ef586545162e23

SHA256
3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51

SHA512
1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28

Download Submit