13c6a865cef050b142acb3c4be63a35198bb99cf1fb3f9fbacbccda64fc723ec

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe
Size

118KB
MD5

a95458432d1b6f486c0eaf66d40d991c
SHA1

692b7e40314bf9092e90ca2e2d358e65bf80b1e1
SHA256

13c6a865cef050b142acb3c4be63a35198bb99cf1fb3f9fbacbccda64fc723ec
SHA512

274f9f6b9fa98affa63e244e8b8a95ea80915e6a8bada9ece6e984de017014bd2f1cd1e068acccd38e1ee6a02612a66515c8af77e11372ffccd00d4a908b009d
SSDEEP

3072:Hze1S6xvQ9kpRICpBXWyqvVh1C7p4rCrKO46fPc:d6BQ6pzLXAtbkp4rAL46fU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2568	a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe
2568	a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a95458432d1b6f486c0eaf66d40d991c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-1-0x00000000003B0000-0x00000000003C0000-memory.dmp

Filesize
64KB

Download
memory/2568-3-0x00000000003E0000-0x00000000003F0000-memory.dmp

Filesize
64KB

Download
memory/2568-12-0x00000000022C0000-0x00000000022D0000-memory.dmp

Filesize
64KB

Download
memory/2568-13-0x00000000022D0000-0x00000000022E0000-memory.dmp

Filesize
64KB

Download
memory/2568-14-0x00000000022E0000-0x00000000022F0000-memory.dmp

Filesize
64KB

Download
memory/2568-11-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/2568-10-0x00000000004A0000-0x00000000004B0000-memory.dmp

Filesize
64KB

Download
memory/2568-9-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2568-8-0x0000000000480000-0x0000000000490000-memory.dmp

Filesize
64KB

Download
memory/2568-7-0x0000000000470000-0x0000000000480000-memory.dmp

Filesize
64KB

Download
memory/2568-6-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/2568-5-0x0000000000450000-0x0000000000460000-memory.dmp

Filesize
64KB

Download
memory/2568-4-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2568-2-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/2568-0-0x00000000003A0000-0x00000000003B0000-memory.dmp

Filesize
64KB

Download
memory/2568-15-0x00000000022F0000-0x0000000002300000-memory.dmp

Filesize
64KB

Download
memory/2568-16-0x0000000002300000-0x0000000002310000-memory.dmp

Filesize
64KB

Download
memory/2568-17-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download
memory/2568-18-0x0000000002360000-0x0000000002370000-memory.dmp

Filesize
64KB

Download
memory/2568-19-0x0000000002370000-0x0000000002380000-memory.dmp

Filesize
64KB

Download
memory/2568-20-0x00000000024A0000-0x00000000024B0000-memory.dmp

Filesize
64KB

Download
memory/2568-21-0x00000000024A0000-0x00000000024B0000-memory.dmp

Filesize
64KB

Download