2054a66bed9bee6b08b0d6eaf28cec0db8b5816d1e1446f628ec014919432f6d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
Size

902KB
MD5

e2ce37ff1ae4728c27018f773c8c0aa7
SHA1

26c945b036e87c2dda821a911610e12c831e813d
SHA256

2054a66bed9bee6b08b0d6eaf28cec0db8b5816d1e1446f628ec014919432f6d
SHA512

c320cb3c33a841a513f2eca7b3d2d7053c8e350a2a2981a292061226e8412da6ae21962967ab901cae510adf8ee9adaf3acc756791ddb5352aa9b58c2c93e7ae
SSDEEP

24576:8hV7iDfjte27WrHNuoWthMgmEj4Ti+kpUtS:8hhSfj83rHIoRxs4TtfS

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
2728	JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2ce37ff1ae4728c27018f773c8c0aa7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\eDB.fne

Filesize
212KB

MD5
595188834155ecc88fc024156491e506

SHA1
eab24af840b8b14fd6a59e97b539c1e71789886c

SHA256
f0ed253e8471686d4fd3b3d6e8cb10ccdbaed3ac34e0268524f36f3ddf8e9c2f

SHA512
7979eee30cae641f957af83243e4a108ff63d0cec5fa36b012fdc4c8c3f9d1afb7f01bc8cf647c3c75344c705b7e8b8405b592284ae699cf519aab850845e6bc

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
638e737b2293cf7b1f14c0b4fb1f3289

SHA1
f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

SHA256
baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

SHA512
4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

Download Submit
memory/2728-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2728-6-0x0000000000370000-0x00000000003A9000-memory.dmp

Filesize
228KB

Download
memory/2728-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download