7ec39b8ce08c5ed5d445848a51f9974ca434faa0baf8566fa3d58a2b3fe84391

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe
Size

1.0MB
MD5

a6fc7ffa2dbae77c90608ef1c613a958
SHA1

1a86def450401840bc93a6569b5f72ed695af9d3
SHA256

7ec39b8ce08c5ed5d445848a51f9974ca434faa0baf8566fa3d58a2b3fe84391
SHA512

babec336b96aae29b2de253ce30778c056e7136d6d1c9b311f5e55a32724f6c85806588b365b6aa6b90f4c9926ad7454a77df3cf5e1d66f5cc6be0ee80c28374
SSDEEP

12288:bUhHnP3phwpzoGcNLiiaHXx1+y6rAs1BG42Vb62yNDwU8IBaQirme0nOx1gstdxZ:QBP3Uc8itrGK5wU8XQi0Ov962h

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1460	a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1460	a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe
1460	a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a6fc7ffa2dbae77c90608ef1c613a958_JaffaCakes118.ini

Filesize
40B

MD5
74737205ec673b0b72f81035377afb46

SHA1
1032273ad99585d95bdf124f1ca0912f1248b23d

SHA256
096f9f18d0089b1423a45a95235e3e358aa9fbcf32f462a2e7628a4b4dedae9a

SHA512
5a39a865d5a29530dfae3bebf87e030243df73746a4578ac96b5b52b72ef38d6459fb2968fb0876b4e1fe1fb739f0093fac90211d4ab44249fb84cdb588b3044

Download Submit
memory/1460-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1460-9-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1460-8-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download
memory/1460-11-0x0000000000400000-0x0000000000509000-memory.dmp

Filesize
1.0MB

Download