a87b70031d8ef8393fc390f6404d30c7f23999d3650468e8a8e0171f71e2a519

Analysis

max time kernel
141s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe
Size

631KB
MD5

9480d66aada8bd42230aaa0c49024a36
SHA1

2ce4e6504bec05c8555df80d7390f0b080014eae
SHA256

a87b70031d8ef8393fc390f6404d30c7f23999d3650468e8a8e0171f71e2a519
SHA512

cd6d5086cece808ea6357d2a252cd6e22462c9de88bb85ea7d55c236b5b194a2fb9a229ac4651c7f28973890653356321c271dbbfc7a239c130d74cb2dc3983a
SSDEEP

12288:sNoFmw6FvnRuzg/axX7JY+eSUSuuFi4A547+8pVpDckHxYfpyd:sNlw8vnRuzg/axLJY+cSJFi4ACy8pVph

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5004	9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe
5004	9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5004	9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe
5004	9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9480d66aada8bd42230aaa0c49024a36_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4336,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=1904 /prefetch:8
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\offconfig.temp

Filesize
597B

MD5
45dc055aa77b625854f2b42ef64a6ead

SHA1
56631b9af26b5a943b9fd8f59149a104dc9b1dd4

SHA256
f5c5b6ffb034917adf36579337f0e60c3cc5185d516b691fedc09bf81b8ef43c

SHA512
904a5b7270dd294e97733791a9f733467d6998c88d28b13204b30673c6b44b4c08e59283d329e7b3cb32a16d6b5ee0f127e8d1f6cb0cc037066b71f71b7bfaa6

Download Submit