3592077af2ed00399c7f90ebcdf3c6768028c9e9efbcf4d5fbef7cd6163ce76e

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba0ef0797f849a4925a967f6fc28587a_JaffaCakes118.exe
Size

600KB
MD5

ba0ef0797f849a4925a967f6fc28587a
SHA1

12b7415b9371a4d847e69f684f6c614f13b396c3
SHA256

3592077af2ed00399c7f90ebcdf3c6768028c9e9efbcf4d5fbef7cd6163ce76e
SHA512

81ce827b4dcc8f48ec9e82161ac40ab6e2449a672db8f9cb299dd28ffa090734a6b2b5f5f2471ef0b3e3ae7578fd87b03a42ac453508ff1f4e1ccdc0b84f9e67
SSDEEP

12288:fJv/Rq+7JAFPm+T/F/Aqm8fyI8FU560RlDK/fRyWbJp:B3PutNAbfqJDg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ba0ef0797f849a4925a967f6fc28587a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1924	ba0ef0797f849a4925a967f6fc28587a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ba0ef0797f849a4925a967f6fc28587a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ba0ef0797f849a4925a967f6fc28587a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\osxp.ini

Filesize
7KB

MD5
495e42fb47c156098abf4845ea9fa50b

SHA1
fdfc97084688c17d76fc2564b10d4ffb0e807db7

SHA256
2f56e429e1882419b477211619d3477a9a78dfacd7eb26f5826785ac7de1a8a0

SHA512
c2d1f3fd02cd3cd8b209fc80922cfe0d2cc4fb46d629714ea783f2fd2af6ad1f130fcfc04ac047e81e6fab608fbf3d9b4bb80cd0deb881168a684548d32e61d0

Download Submit
memory/1924-0-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1924-371-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1924-370-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download