28cd611ae31003b70ce0c984199627828890031f2038902f8fc6d75ce4ce9689

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe
Size

52KB
MD5

0006b096a215e3563b69a662bc647bb4
SHA1

f1fca975acffa1b6201bbc3cd1bb52650a0a0312
SHA256

28cd611ae31003b70ce0c984199627828890031f2038902f8fc6d75ce4ce9689
SHA512

2a05001f7f5a37cc46a2f7846adf6eda770f418360dcb54a7be7bf510669c19e4de0b5a0d5a166e4f07f4a081662e4659c84b7e661c82e1322d53fb26371896e
SSDEEP

384:/Ti0/89NOEmzKya/WBF6QTiKtMgH+RNzwFZqKgjQARYaA/VLHqWJVBqdFDLF85S9:/e0Y4NIoisRIMqp2CWJVBd5Sfs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1320	0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CloneF_4.exe

Filesize
52KB

MD5
65aca5d079bcc3a1304ecd4760d26be2

SHA1
c0b0f0786711ad31193fe4b0e1bfce1d6ab74d00

SHA256
918f56780a39b22b599aa690ef69d4ccd0313193a46897ec3b46716a43fcb089

SHA512
9d26a0605d12394af3f831ad7aa8ca13a9bf7eef4f17cfb8f2cffba54caa6c104363d114c31a9a261f717b05a4cc27e8f917435f21e777c515414a65ffca4330

Download Submit