934909631173a5244d8ddb0e4480304b4fcb217ba82d68774c146c06ffb98f6a

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2426f4062092426117bf9942b0bb1e6_JaffaCakes118.exe
Size

8KB
MD5

d2426f4062092426117bf9942b0bb1e6
SHA1

adf69745769ce68680498967e26df3b3888ef51a
SHA256

934909631173a5244d8ddb0e4480304b4fcb217ba82d68774c146c06ffb98f6a
SHA512

7d31565808648f7cd27cab596bc47f75344e89fd8f5f2b498371a98d9aded29797a07fa44250d1cc5d0c482e701652657b709de65551d5a8fca3b009e2cd1b7e
SSDEEP

48:OEPihrMpVXv2pmL3L0Jacr6P0EC4/24kixRr2rV9bq5d1OLZsZ2BxJt3G4MgnDuy:nPixwhjg0ue0hKOLZsZ23JtOXy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2426f4062092426117bf9942b0bb1e6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d2426f4062092426117bf9942b0bb1e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d2426f4062092426117bf9942b0bb1e6_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2092-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download