072644898b72efdcf874c1aef0cfc57a94aabaee9405f0699e0bafde17465114

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118.exe
Size

33KB
MD5

872a2c7edbb29d00e46661a1290d6a47
SHA1

2927704744053b3be86fa995f93b7265a3184caf
SHA256

072644898b72efdcf874c1aef0cfc57a94aabaee9405f0699e0bafde17465114
SHA512

7fb1671ff6d7ff7f81ef2ef212ce4f6e2b203965dd9fe8f87019ac549a16eeeb7b1d0caa536055e3ac96694c6a6b10a6417c7defb6bdcfdd38d36271b95faac3
SSDEEP

384:0+Zc3OM/l/yjVCBr9sYrYgIHsNiAIeLViXS1f4lrRpCkdKnOMAkMNek+vvWNeEnT:xi/CAmYFIHskAREFpdKOMAxn6Bm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\872a2c7edbb29d00e46661a1290d6a47_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cdf1912.tmp

Filesize
906B

MD5
f2572338cb20db1d928b2c61282e6e87

SHA1
8b2b79ef1c914b0b00ec10a06caa8638b2163d45

SHA256
e9bc7df9f665d307b049d0d8bf74ed3c2ac1564094d3c4eff2568742bb5ebbbd

SHA512
240c9e2b2de396ef9dbe6b823723c61ba12c50e9a3b11f5f8f826aa55984d6c18a83361bf5b8f5d2602dbf8152e9feb35ceadce11d098aed246c52dc02771763

Download Submit
memory/2524-0-0x0000000000390000-0x00000000003A5000-memory.dmp

Filesize
84KB

Download
memory/2524-2-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2524-5-0x0000000000390000-0x00000000003A5000-memory.dmp

Filesize
84KB

Download