12cf577f28f1bddbc96b40de20be0f42faab16f2aecdfd9dcc6df79a9025689a

Analysis

max time kernel
144s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
09-02-2025 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe
Size

395KB
MD5

ca3bc83026fe6cccc8c4b9b9e7c83e05
SHA1

e1b586d543fb5a75c013065c3be4f57c60847e5d
SHA256

12cf577f28f1bddbc96b40de20be0f42faab16f2aecdfd9dcc6df79a9025689a
SHA512

1e0e63fd33dafd30a581722b053b90ee51f50bc677690f2b0071f4028a42e2d3daf8c9b9b2621872877cf81d62b82113c78a963d539bc761386bc498b1a779ad
SSDEEP

3072:fLom2NoEjXIAphpXQoeOSlaA++reGLomxLomxLomVr85CZr85CZr85CZr85C:f0NvjYAzztUTTD9191919

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SumitSoft.ini	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2844	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2844	JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca3bc83026fe6cccc8c4b9b9e7c83e05.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SumitSoft.ini

Filesize
111B

MD5
1dfeffd7a8eeff2ff2c148decdbd0aae

SHA1
8f7b93dd7b7fbd787c589e100274d802de4e80e4

SHA256
62f1a5fd642c89a48181ff8d7ea54c8b6365d9193962d8c9ad8d86ae350a6347

SHA512
de376dc78fc5f2bed535d4945f091ac00acbaf08e6e3fae6a2d662cd9931244e65180697cae4927dbab0e9b61d7cef6ddbb054217466d2f44546dad7b230f777

Download Submit
C:\Windows\SumitSoft.ini

Filesize
27B

MD5
e554983eec1b93e09eef485c3c3968d3

SHA1
6afc3a817ff3b4beca46719aa7b25ec755678aea

SHA256
4c446f2a131b9ca99166d9faa3a71e926697f3cd75c2b36e01e76798e8de3534

SHA512
5b7c33310e0b9045491b53e5389e83cd60f3ad0ad6be5e63fc74f917dd87469c221782370144cd6ad8b67f61590bafba94f21211862f94ad0c06c0295bb6e00d

Download Submit