d2586111a3d2072ae6d1965de480a9b22f485a90245c31a8776f719b56b2653f

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a07cac75c37c7fa7c449a5cd642824ce_JaffaCakes118.exe
Size

1.1MB
MD5

a07cac75c37c7fa7c449a5cd642824ce
SHA1

3573c17e5bed271c3b96bbd7d0d20fe9ce42d981
SHA256

d2586111a3d2072ae6d1965de480a9b22f485a90245c31a8776f719b56b2653f
SHA512

07f8b7c21fff94216f34d4adf53a46d6fa6055c2c4083a7d546e64e73f2e2f24fb730459303d96fb5ff81de0af50a0c922ea0a94e286cd74c2fa9235058aef7f
SSDEEP

24576:1f5qaInraJ53lsDwpZPmYQdx7WhdmYnG0lvYCgOsU37w:KOT/mYG7WxwpOsk7

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a07cac75c37c7fa7c449a5cd642824ce_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2260	a07cac75c37c7fa7c449a5cd642824ce_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a07cac75c37c7fa7c449a5cd642824ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a07cac75c37c7fa7c449a5cd642824ce_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OllyDbg.ini

Filesize
147B

MD5
8cf64c39b6060492bd9b932b81397405

SHA1
2ea300f999d625583ff60ed191a681f40c116fca

SHA256
48141ba3c799e8e5e19bae13a71e10d3eeffb1ae47638733118acf5f26bc0361

SHA512
a4c5ed4d34e32919153155eb53089e52ff2ecce47c3961f28a593782fb2714ffe6f5a6eabc8a089b7862813b6fa5f2eb885f9658500bce6493d770b4a47a6a09

Download Submit
memory/2260-232-0x0000000000496000-0x0000000000497000-memory.dmp

Filesize
4KB

Download
memory/2260-235-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-236-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-237-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-238-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-239-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-240-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-241-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-242-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-243-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-244-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-245-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-246-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-247-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/2260-248-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download