a1f5ab497a3ddf5a7af5892eb5eef814e85f5257e95538d466f8ebcf19c2a0ed

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c5e247341e97d5a7717526c55da7e3_JaffaCakes118.exe
Size

20KB
MD5

81c5e247341e97d5a7717526c55da7e3
SHA1

b4ef03257fa641306fad12cce524a9650956446d
SHA256

a1f5ab497a3ddf5a7af5892eb5eef814e85f5257e95538d466f8ebcf19c2a0ed
SHA512

24f67a22bb30e21c70a7f81f8735c37cfb8d621a0bf74ef4df05783a9706b5f926f085048e2b29cad1f32e6d0e91b7635e3751f225898b715e6c5796f721852a
SSDEEP

96:/lxB06/6b0j3QS5gYCn3/yt7jgD7DsmWiWuaaLEw2:/TB06/6b0j3QegHvyZjg3DsALEw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	81c5e247341e97d5a7717526c55da7e3_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2372	81c5e247341e97d5a7717526c55da7e3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\81c5e247341e97d5a7717526c55da7e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\81c5e247341e97d5a7717526c55da7e3_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\911222FC438F5D8B175873E619C47052

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\911222FC438F5D8B175873E619C47052

Filesize
430B

MD5
24911c4003ee45b6cfaa5199c93b0f65

SHA1
4e635b258bb6e5465d07a04e6a29c7ad1aaf1e71

SHA256
d78ae8187569d69f002affe1ae634b35a1e36c2477507c2aff98dc80dc3f01a2

SHA512
7f883299e11326ccb10f1cd3bd1a60c26be5c7a4d7d122d67e1b89bd69e3f72bc3830875f5355d812a33f267ee788cea758c0a5cbc39453a10c1e65c52f242e5

Download Submit