177da7fd9ca1cd14410bad2c87ae228ce5f234e9c0cbc375c399a929eab49f52

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-01-2025 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe
Size

9.6MB
MD5

a4a4ad40a0647cd5660ac59795045678
SHA1

8b643d793b216a85656f620d7c2fdc2a55cd72db
SHA256

177da7fd9ca1cd14410bad2c87ae228ce5f234e9c0cbc375c399a929eab49f52
SHA512

d8a6a417969ce2870bef96e4fe190031617826789e9c6746e5674379a9c58f8afb88ad33869fb03486613b9de1e82b8e3da775a2ba610dd7a08282ee23453a32
SSDEEP

196608:RE0866zpZkXdiEMNig49X83sSW46wh/OvvRUyMmcyrpSm4Iv34j8pOZhl2IwYCHd:RR87p84HL49XBt46IOv6yMmx193npOZQ

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2240	JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe
2240	JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a4a4ad40a0647cd5660ac59795045678.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjD461.tmp\ioSpecial.ini

Filesize
1KB

MD5
bd4d3afc6d9a8d6ad66dd42c8db070bd

SHA1
53791fe3b8fa02f38a359b0c01cb09372c95e23b

SHA256
a84bd3ecb2b3a5493e11569d3fa8ff02d198848a1c00057438f12ce603c70c2b

SHA512
285aae59aaefc7ece111abf52236919f54a071c35afe056e6419a1fcad50fae6deab115a4f03ffc99986c1b452eac49b1ce64f27012331877ef552e5db78f6c7

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD461.tmp\GetVersion.dll

Filesize
13KB

MD5
ae85debc48eee67767735e22fbcabd4f

SHA1
7816874fb0ac1636ef405ac10d726835cdc9619b

SHA256
bb7e0835019c837df5bce018cafd29efd179ac92530c92f42bc55dca6848a203

SHA512
01f7108b63d0aef3ef49e851a1a6738d5a02e4e1505bebe81a96fc48304faaa79cc1e0b6c9479175d349461d3995a6d7ecf2fab49799e3521491f306bfeef07b

Download Submit
\Users\Admin\AppData\Local\Temp\nsjD461.tmp\InstallOptions.dll

Filesize
15KB

MD5
67d8f4d5acdb722e9cb7a99570b3ded1

SHA1
f4a729ba77332325ea4dbdeea98b579f501fd26f

SHA256
fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

SHA512
03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

Download Submit