7de56330daba4f939bec9aef42906356e455f6bbc43e1c5cb4140f1b19136b0f

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3538e2b4c5e51d79f07c31144c6e903_JaffaCakes118.exe
Size

52KB
MD5

d3538e2b4c5e51d79f07c31144c6e903
SHA1

c6f6f86d7a4d66a7f5f2d46b457d2539f10365d1
SHA256

7de56330daba4f939bec9aef42906356e455f6bbc43e1c5cb4140f1b19136b0f
SHA512

2179c5fd26e96e50131c868e85d0234c5783a4aef48d967d198249209b92f291b9c46510644c29796c8a3164b2fad30431064562ea95c8ca9265b4471321e208
SSDEEP

768:/9yXrc1EbUzyu52vAMyI/hCWJVBd5Sfs:/Qo1Cu55yAVZWVdH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3538e2b4c5e51d79f07c31144c6e903_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2748	d3538e2b4c5e51d79f07c31144c6e903_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d3538e2b4c5e51d79f07c31144c6e903_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3538e2b4c5e51d79f07c31144c6e903_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CloneF_4.exe

Filesize
52KB

MD5
ef9db068b294a788593c252d66805daa

SHA1
967c3eb30ceb200109363bd80140a34f541ccdbb

SHA256
2189f6205f1c7e85acc2f358570ebc977b5906dc2c95e09f642e1b561304dff2

SHA512
3da73fea2453c19372a61a4dc6b5f4dadc0d6746faaae4311e9f743fb098b8a8827927e871807a045c4428a447c0fb878a43faffec85503cd5386c4c707e176f

Download Submit