ea3732a1d9a4586d1f6fadb42e369d3c57f0e9f158d23fb9af12955a1c23a051

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f3c9f6ad199ffeae73b421c1e948d0_JaffaCakes118.exe
Size

1.4MB
MD5

b4f3c9f6ad199ffeae73b421c1e948d0
SHA1

6012ec6a00a96f8f769cc4fe1260f32c938b9bb5
SHA256

ea3732a1d9a4586d1f6fadb42e369d3c57f0e9f158d23fb9af12955a1c23a051
SHA512

3f273e6f5f9ef66193e6ae19a65f67a86cf762690ef8c351f2f831cade6034ce95454531db5de962947c4cd5a31d11146c25a1b59f3653f0925af524c013fa7e
SSDEEP

24576:pQInwH+NO+U7wmz84IH+m4CCx8+WmUWP1qu5lQC8pjrzWzqkIyv6Y85/ka:pZZNXU7wD4G+aeOWP1xZ8pjHWqkNv6Yn

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2080	b4f3c9f6ad199ffeae73b421c1e948d0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b4f3c9f6ad199ffeae73b421c1e948d0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b4f3c9f6ad199ffeae73b421c1e948d0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b4f3c9f6ad199ffeae73b421c1e948d0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
1.3MB

MD5
a4a2cb86878caaaa847850ab277f9ff6

SHA1
3827b0d551544598244b1e9d18cc2e72ee1c6666

SHA256
ff07a8fa783c0fc16a69cc0fca2260566d80cb816d8546579c1bb732674a3c03

SHA512
58879d1e5b4671b02f95d516e92aedf891790391410ad4179a28e3f379970bc7c94a8bd33c0166701030fde1c6fe492bb129bd9aa99f724b2ec04bd264457bbe

Download Submit
memory/2080-3-0x00000000754D0000-0x0000000075641000-memory.dmp

Filesize
1.4MB

Download
memory/2080-4-0x00000000754D0000-0x0000000075641000-memory.dmp

Filesize
1.4MB

Download