1579ff6c882e5fa7b1e1acdab182737af2eb4b6c07c6cdced6ca10d8f1acddad

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe
Size

201KB
MD5

defcaa1dfd5441dc448b581613771cc7
SHA1

33667a970657815bbb8074badf4f9f937dd13edf
SHA256

1579ff6c882e5fa7b1e1acdab182737af2eb4b6c07c6cdced6ca10d8f1acddad
SHA512

8d13ba74064324b60cd83a546b02b6a59717f8a5cb3fec414ded7334311ac4a6a09656b918260ed5fec127d5ed05e8fe2b155a257535773f39e5c30cb1f06f92
SSDEEP

3072:YQ92Yn+C8CxmBnIJoJ8xcB9yekH4ibNHJYzzFfx4Ie8f9Hhp5t93PEQGqFOGiHW:YdysTJ/jyBPaL4Ie8flft3OGi2

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\defcaa1dfd5441dc448b581613771cc7_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...