85906c2ab9bf5c246ce9996cf8b80ae27242604383017ac6547a14ea826722ab

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d59569383e2112bfaf09b77fceaa6b1_JaffaCakes118.exe
Size

125KB
MD5

8d59569383e2112bfaf09b77fceaa6b1
SHA1

1de1b570c3427260611265d3524108213c6e2cc2
SHA256

85906c2ab9bf5c246ce9996cf8b80ae27242604383017ac6547a14ea826722ab
SHA512

67edff19b8339fe53727cfb9ef8ff9ac927a3187238ad4932786fc785a181c273fda4a25ab878a3653a15fa6ac00941e20e02f6f36cd855a31553abe616d6772
SSDEEP

3072:zJyaxXmHZClZDFnzOdub6UceWYFZEuT8Dywq0qofP:MC2gvBzzWUce1RT8tT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d59569383e2112bfaf09b77fceaa6b1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8d59569383e2112bfaf09b77fceaa6b1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d59569383e2112bfaf09b77fceaa6b1_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2128-2-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download