635798a04c33050dd9c0aff5b02dcca8dea168abd67e72d72287df2e920889bd

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8be49d99be95dcad12ed9edb0f9979c_JaffaCakes118.exe
Size

160KB
MD5

a8be49d99be95dcad12ed9edb0f9979c
SHA1

bc7683dde0fbec9fc11a388ed3550865d982e7d7
SHA256

635798a04c33050dd9c0aff5b02dcca8dea168abd67e72d72287df2e920889bd
SHA512

1180376ea8d339fd411f68971b0b51d151f077982793e246b47514e68328e107f3d59a69b805d814fcc887c81ca9bc38801ad2c2b2dff6d2ab32e3e7b9444717
SSDEEP

1536:L/el+8Hruyv+mMiIAcI9vmQHv51skHMDnHgqAYsMKWqD7WCDYVRaJmg0k+X:z2LLuyv+mMi5cCeeM7JAJM3IymYVSe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8be49d99be95dcad12ed9edb0f9979c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a8be49d99be95dcad12ed9edb0f9979c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a8be49d99be95dcad12ed9edb0f9979c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cdf1912.tmp

Filesize
790B

MD5
b18422bf438bbb7798280375a7bc0976

SHA1
c1b77b35e3a38ff2ad119f25e548beb5ff68c2e2

SHA256
ee8709e751067193dccdfe218108bdae6a30919d7b6c860bc848c7cc4b242fa4

SHA512
23cb9c74905f514a2bf4ef91afc53ceb08230b3ce68e3eab17bb36c674260d143a7e7105958ff4ed5c2a416bddffb3c7e28dcf8060cbf323c7e4cab71f613176

Download Submit
memory/1016-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1016-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download