89f946612b6c1817b74fc8d75dcac915630e2538a8bdbce9ed8b0c8fd0405644

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 04:51

Target

c251309205e319f1a8a2aac081a48500_JaffaCakes118.exe
Size

3.0MB
MD5

c251309205e319f1a8a2aac081a48500
SHA1

67b5b6336e32c1ed01eb5ba9ecec593cf4dd5b8d
SHA256

89f946612b6c1817b74fc8d75dcac915630e2538a8bdbce9ed8b0c8fd0405644
SHA512

78a668e5c6512b993d17589c19eff76f030574883006043c19fab71a004d1038ddd715f66506c947c36ede07e3675795071ecb81825fb9381d9abdd9f95b0749
SSDEEP

49152:et+HdvEWN7vvs4QLnY3UI6G+yKiO+8EVtAk8ieDbRZT6TMTipW0uj5ssgJfmZjnj:NDdQ4UrG+kO+XAkRGZT6GasAgjnE4

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c251309205e319f1a8a2aac081a48500_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2924	c251309205e319f1a8a2aac081a48500_JaffaCakes118.exe
2924	c251309205e319f1a8a2aac081a48500_JaffaCakes118.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\popcfg2\files.cab

Filesize
2.8MB

MD5
335f9af0f18284d52615b49049f7e8cc

SHA1
a9785247d97933bb038272ef08fe59966c027fa0

SHA256
73f7a99cf6b19a4de394588fcd9e05dfb896ae15de8b63531b1a19d84e37a7c3

SHA512
49bcca5d112fd13124e12ee33bd6bbef38f47977b21f5fa1ca5a8e71786b15c2a3b6267f7ae667200a25dc705edf0d68de12ac6b569f1b18a94abd1534ed94c9

Download Submit