c03e5d09aa61dae4cda64c648d48cb79b76aa8ca9ea783017ef517a7a46e5b17

Analysis

max time kernel
138s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe
Size

228KB
MD5

de63d60aa21b2999571b29b4c83ed250
SHA1

f4fa5b76bc4c48fb8f93a3c7e9b76abcbd351b0b
SHA256

c03e5d09aa61dae4cda64c648d48cb79b76aa8ca9ea783017ef517a7a46e5b17
SHA512

6f7a97c9fcb866a47c53aa33e5f345e481e27e6bdf81e77be742775e663ca1e3bb5805ad01289909aada9a9f5057427674ba4a86b71844c802269c9bd4a221e8
SSDEEP

6144:+6JCT3oGg8kwzk9QfotMtq8rdAUk7kO8FZC9zU:+64UGgGzAYoKRrdnO8XCa

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
488	de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe
488	de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\de63d60aa21b2999571b29b4c83ed250_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\list.txt

Filesize
23KB

MD5
e3035fe730933c13348df314ea228a7c

SHA1
c124b192ccc036c6bd2045e4ae94d8f85dc9acd0

SHA256
be2f36ad2a15d32bbc7d6de3457297365e06d88684face993acad84654ddb274

SHA512
48c7c07f75106dab8b578413ae4789bcf4a1ad110968e455338d515a63718129f9ac50828eb59c7ff83856a3472c1bfa1a10b024797e4753dab35cd99630596f

Download Submit