0479c0bfdf2d3fcfb8f1ee4253f932e4124328454528195be957eee7ce3186f5

General

Target

b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe
Size

610KB
MD5

b7374b16549cb24de846ed720fd9629a
SHA1

18fde8f79c4fb6c2824a1898458f53fd7ff1624d
SHA256

0479c0bfdf2d3fcfb8f1ee4253f932e4124328454528195be957eee7ce3186f5
SHA512

e01faebefe6bfbd7c9f4175cf8eab59b1bce71e85500382e7abbb62cdaee455599f2fa2b8b2910b2eec0c72b9cea0fb0cc6851d0b404512d16871153ad7f7e95
SSDEEP

12288:74ypNPM08k4Jkc6M60CY13Ibnn1nnn6K/q6xGJOpqT3SC6t6LhkGRVt4S3:88PM08vJUMp3NKy0Gkpl6CwVtx

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2160	b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2160	b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe
2160	b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe
2160	b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b7374b16549cb24de846ed720fd9629a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2160-1-0x0000000001D90000-0x0000000001DEA000-memory.dmp

Filesize
360KB

Download
memory/2160-0-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/2160-28-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2160-32-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/2160-31-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2160-30-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2160-27-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2160-26-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2160-25-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/2160-24-0x0000000001E10000-0x0000000001E11000-memory.dmp

Filesize
4KB

Download
memory/2160-23-0x0000000001E00000-0x0000000001E01000-memory.dmp

Filesize
4KB

Download
memory/2160-22-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2160-21-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2160-20-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/2160-19-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2160-18-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2160-17-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2160-16-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2160-15-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2160-14-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2160-13-0x0000000003550000-0x0000000003552000-memory.dmp

Filesize
8KB

Download
memory/2160-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2160-11-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/2160-9-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/2160-8-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2160-7-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2160-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2160-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2160-4-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2160-3-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2160-2-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2160-35-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/2160-34-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/2160-33-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/2160-41-0x0000000001D90000-0x0000000001DEA000-memory.dmp

Filesize
360KB

Download
memory/2160-42-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2160-43-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download

Analysis

Sharing