28cd611ae31003b70ce0c984199627828890031f2038902f8fc6d75ce4ce9689

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe
Size

52KB
MD5

0006b096a215e3563b69a662bc647bb4
SHA1

f1fca975acffa1b6201bbc3cd1bb52650a0a0312
SHA256

28cd611ae31003b70ce0c984199627828890031f2038902f8fc6d75ce4ce9689
SHA512

2a05001f7f5a37cc46a2f7846adf6eda770f418360dcb54a7be7bf510669c19e4de0b5a0d5a166e4f07f4a081662e4659c84b7e661c82e1322d53fb26371896e
SSDEEP

384:/Ti0/89NOEmzKya/WBF6QTiKtMgH+RNzwFZqKgjQARYaA/VLHqWJVBqdFDLF85S9:/e0Y4NIoisRIMqp2CWJVBd5Sfs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1812	0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0006b096a215e3563b69a662bc647bb4_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CloneF_4.exe

Filesize
52KB

MD5
8e72f9898ba2c66a4b24c0b916629f3f

SHA1
3a7fa96bc2c2f73866ffaea3369f32b5cddd6e29

SHA256
1ac5ad9f43a98b5bbffed4ce5c46a9e6afba6bc3d04bcf895b0f870004f1379d

SHA512
8c312d757f2d92d45044af9b9d7e172859fe624c1defb29971c7796eebc4cf31111c35090571bfcf7f06b55f63b4fde6db9b164a3faf8e0edd71bbf600ffe276

Download Submit