074c8287e8f6775181176775a35a69c28f8b3b59880645a0f3fc36ccda2e1932

Analysis

max time kernel
9s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

874da9e4f08536963c7bceb1daec60cb_JaffaCakes118.exe
Size

492KB
MD5

874da9e4f08536963c7bceb1daec60cb
SHA1

7981148cf8c1ec534ced3d0ca63bcd795e85cffd
SHA256

074c8287e8f6775181176775a35a69c28f8b3b59880645a0f3fc36ccda2e1932
SHA512

80500773766687771223d8ffbb813c1fcd6700ced2e4b07c816e8b3820ae25396a9cf59037f5552080db0f933ccdb1597155326ff34ff26c51a7e0ac8c95de08
SSDEEP

6144:6fUO6jWamVffJuv6b5xDt5xCzYzIUPcIdua4H+4cGF1vKDHB+7lSEqauRKsTBDrg:aJPdxDzxCzNa4Has100SWuMsTJr6B

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	874da9e4f08536963c7bceb1daec60cb_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2124	874da9e4f08536963c7bceb1daec60cb_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\874da9e4f08536963c7bceb1daec60cb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\874da9e4f08536963c7bceb1daec60cb_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...