a1a648c420dec0928715ce879e5414d56b5be2d2eb844ce3ce7a5c493b638736

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 16:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

afecf1ff3a339078317ef783326f3f24_JaffaCakes118.exe
Size

1.3MB
MD5

afecf1ff3a339078317ef783326f3f24
SHA1

d7731d4b61a2b169bb7b5fc04d391cd26467bf0c
SHA256

a1a648c420dec0928715ce879e5414d56b5be2d2eb844ce3ce7a5c493b638736
SHA512

dc67818a628ca9d0f16ee2425382222dfd03972e1ec894edd7fbf9c0bea2ecb22df62fefe6d47c8868baf37aaadc108c54b061c411ab2ed3f999be12db16f761
SSDEEP

24576:yLzl+QYGb20MDmGMQkaW2tLR05nTwEsQ4OeN4fUu4V6uRCeS4NYe/Hpq:ozYsb20MNMQk6t1056OlP4kucedNM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	afecf1ff3a339078317ef783326f3f24_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\afecf1ff3a339078317ef783326f3f24_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\afecf1ff3a339078317ef783326f3f24_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\oziexp.ini

Filesize
295B

MD5
c291d34c0127c7f03c87967ad5af9341

SHA1
c9d04a0b5fafd399c5483cd6458d33867e9b0d69

SHA256
9125b926d337db5180c2f0059d280f4e1216de19dacc8faf07d04ffadaa811d6

SHA512
f6e8e9b49873ed2105ddb38ec4ce82e96066d191a87aec1f38de0bee986f473455050481c05f04893f1513def355f6c2a87770d13136f10f4ec68e18a9e81ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\oziexp.ini

Filesize
261B

MD5
1d8d286f4af0100c8c9ed0a31b06f048

SHA1
6b271756cf7dc0e9f93edf5d05960faac94a6164

SHA256
259973c2c6241ad713174c330ee58c376b53fa4942499460a240d057947d16f0

SHA512
f445173c4ecfb288d1d54ffb3f989dc4187ed0b3a5b4695a012e7a927bbd90cf8b7711783afcf2f6f1dcfb980bb358706144cf5d7ad9a7ed245e752dc8ced08c

Download Submit
memory/2524-1-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2524-0-0x0000000000400000-0x0000000000FD9000-memory.dmp

Filesize
11.8MB

Download
memory/2524-2-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2524-89-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download
memory/2524-310-0x0000000000400000-0x0000000000FD9000-memory.dmp

Filesize
11.8MB

Download
memory/2524-313-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2524-314-0x0000000004760000-0x0000000004761000-memory.dmp

Filesize
4KB

Download