ec48f0d43988d964855554cef48207a6c94b7ff144d4ea4505e3dc35f3531b21

General

Target

6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
Size

76KB
MD5

6f8ec1c5e601efa852dd72ced289baf9
SHA1

8dddf73c245602a060265017c818e821f2ed1e09
SHA256

ec48f0d43988d964855554cef48207a6c94b7ff144d4ea4505e3dc35f3531b21
SHA512

9c0c5807c64998c67b2049bf1452706465d9f3c6dca98441bebaf378311b64400f557d719ee3b1432d3bf5ea73dff39d8ab17a45dfc357faab3cde4ba02f8c66
SSDEEP

1536:/lre64qbFanROvBaaslK5Eeh6pAC5HQWZDHqohRlo5PS5OU:penqbX6le7j2wWN9nlocYU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2308	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2308	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe
2308	vlc.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1420	6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
1420	6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
1420	6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
1420	6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
2308	vlc.exe

C:\Users\Admin\AppData\Local\Temp\6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6f8ec1c5e601efa852dd72ced289baf9_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ImportFormat.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1420-4-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2308-10-0x000000013FB40000-0x000000013FC38000-memory.dmp

Filesize
992KB

Download
memory/2308-11-0x000007FEF7100000-0x000007FEF7134000-memory.dmp

Filesize
208KB

Download
memory/2308-13-0x000007FEFAFD0000-0x000007FEFAFE8000-memory.dmp

Filesize
96KB

Download
memory/2308-14-0x000007FEF73D0000-0x000007FEF73E7000-memory.dmp

Filesize
92KB

Download
memory/2308-16-0x000007FEF6B90000-0x000007FEF6BA7000-memory.dmp

Filesize
92KB

Download
memory/2308-15-0x000007FEF6BB0000-0x000007FEF6BC1000-memory.dmp

Filesize
68KB

Download
memory/2308-12-0x000007FEF5900000-0x000007FEF5BB6000-memory.dmp

Filesize
2.7MB

Download
memory/2308-17-0x000007FEF6B50000-0x000007FEF6B61000-memory.dmp

Filesize
68KB

Download
memory/2308-19-0x000007FEF65B0000-0x000007FEF65C1000-memory.dmp

Filesize
68KB

Download
memory/2308-18-0x000007FEF65D0000-0x000007FEF65ED000-memory.dmp

Filesize
116KB

Download
memory/2308-39-0x000007FEF44B0000-0x000007FEF44D3000-memory.dmp

Filesize
140KB

Download
memory/2308-41-0x000007FEF4470000-0x000007FEF4482000-memory.dmp

Filesize
72KB

Download
memory/2308-40-0x000007FEF4490000-0x000007FEF44A1000-memory.dmp

Filesize
68KB

Download
memory/2308-38-0x000007FEF44E0000-0x000007FEF44F8000-memory.dmp

Filesize
96KB

Download
memory/2308-37-0x000007FEF4500000-0x000007FEF4524000-memory.dmp

Filesize
144KB

Download
memory/2308-36-0x000007FEF4530000-0x000007FEF4558000-memory.dmp

Filesize
160KB

Download
memory/2308-35-0x000007FEF4560000-0x000007FEF45B7000-memory.dmp

Filesize
348KB

Download
memory/2308-34-0x000007FEF5F30000-0x000007FEF5F41000-memory.dmp

Filesize
68KB

Download
memory/2308-33-0x000007FEF45C0000-0x000007FEF463C000-memory.dmp

Filesize
496KB

Download
memory/2308-32-0x000007FEF5F50000-0x000007FEF5FB7000-memory.dmp

Filesize
412KB

Download
memory/2308-31-0x000007FEF5FC0000-0x000007FEF5FF0000-memory.dmp

Filesize
192KB

Download
memory/2308-30-0x000007FEF5FF0000-0x000007FEF6008000-memory.dmp

Filesize
96KB

Download
memory/2308-29-0x000007FEF6010000-0x000007FEF6021000-memory.dmp

Filesize
68KB

Download
memory/2308-28-0x000007FEF6030000-0x000007FEF604B000-memory.dmp

Filesize
108KB

Download
memory/2308-27-0x000007FEF6050000-0x000007FEF6061000-memory.dmp

Filesize
68KB

Download
memory/2308-26-0x000007FEF6070000-0x000007FEF6081000-memory.dmp

Filesize
68KB

Download
memory/2308-25-0x000007FEF60D0000-0x000007FEF60E1000-memory.dmp

Filesize
68KB

Download
memory/2308-24-0x000007FEF60F0000-0x000007FEF6108000-memory.dmp

Filesize
96KB

Download
memory/2308-43-0x000007FEF3950000-0x000007FEF3961000-memory.dmp

Filesize
68KB

Download
memory/2308-42-0x000007FEF3970000-0x000007FEF3A10000-memory.dmp

Filesize
640KB

Download
memory/2308-23-0x000007FEF6110000-0x000007FEF6131000-memory.dmp

Filesize
132KB

Download
memory/2308-22-0x000007FEF6560000-0x000007FEF65A1000-memory.dmp

Filesize
260KB

Download
memory/2308-20-0x000007FEF4850000-0x000007FEF5900000-memory.dmp

Filesize
16.7MB

Download
memory/2308-21-0x000007FEF4640000-0x000007FEF484B000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing