a65b7f236802505674c6d9daeb6f3ab0e0f680f9f678e1e90d353a8088a14fb7

Analysis

max time kernel
137s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7523bedad24c9e3bdcbeeae7ff0d9e73_JaffaCakes118.exe
Size

39KB
MD5

7523bedad24c9e3bdcbeeae7ff0d9e73
SHA1

d82940508b186b80dbfe3038bdac15320bab720f
SHA256

a65b7f236802505674c6d9daeb6f3ab0e0f680f9f678e1e90d353a8088a14fb7
SHA512

42e1960f5acaadb09715b512f813f719f0e60d346c60b996f91951766050ae599e5db702ef7b2302a2ac4230ded6e6ff0ffaf828a227bb086322753bea7a5cc2
SSDEEP

768:Ob6gwXYPv5O1eTGvmqLNILZ2/qBtgbWIQzTGf/:Ob6gwXYnc1eTqgZ3tgbWIQy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7523bedad24c9e3bdcbeeae7ff0d9e73_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7523bedad24c9e3bdcbeeae7ff0d9e73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7523bedad24c9e3bdcbeeae7ff0d9e73_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1828-0-0x0000000000400000-0x000000000040AAF0-memory.dmp

Filesize
42KB

Download