9e99b2bc6d3b12ca1b6bf72622ad994d206ec22f751bfc2a61fec0bdd0b4af8d

Analysis

max time kernel
91s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 18:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b9384250829bd326af1741fc180d27c_JaffaCakes118.exe
Size

40KB
MD5

8b9384250829bd326af1741fc180d27c
SHA1

cc75d1a627433f50075efe3acf568b53c157267c
SHA256

9e99b2bc6d3b12ca1b6bf72622ad994d206ec22f751bfc2a61fec0bdd0b4af8d
SHA512

a443b1c4153576f63af21763fc5f8aa4115e8d39c8e27e23256716c2f96f6cd1c6c82d4c0305fd01d5753ca05fdba93945f15e836927c14147a297f1ba78c2f8
SSDEEP

768:pvAOCbSEln5IyYpamDjobj8SzloO+KF7t5KxBE:Sfln5IUmDjoXfloOJFzf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8b9384250829bd326af1741fc180d27c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8b9384250829bd326af1741fc180d27c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8b9384250829bd326af1741fc180d27c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2636-0-0x0000000001000000-0x0000000001010000-memory.dmp

Filesize
64KB

Download