576cecaf422528fdfd648a6563850e5c823951f10a2d63a1d2a279a20664a84e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce22838c3861e0c3ef829c9841416327_JaffaCakes118.exe
Size

41KB
MD5

ce22838c3861e0c3ef829c9841416327
SHA1

3734fe9cec81562e9abead911948332980e96ec6
SHA256

576cecaf422528fdfd648a6563850e5c823951f10a2d63a1d2a279a20664a84e
SHA512

74ec8a7bc9ccaff854a43e58a59268ea65e6365f4721f969eaecaefc2e1cab66d8e0deee9b71c1ead3b7cb6f963bf3a9105674082182285307cdf6c806d3976c
SSDEEP

768:N6l3i2TE1Zk50+EUDK+gFDw2dYZcUpB7iZ2LsNNoNX+Hmh:N6PIk5JsoLpBYunh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce22838c3861e0c3ef829c9841416327_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ce22838c3861e0c3ef829c9841416327_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ce22838c3861e0c3ef829c9841416327_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-1-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2104-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download