b72c7113b62b5c57c950bf2d67a707363ddad871008b4f8a0a25a5f34ea16f90

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe
Size

278KB
MD5

de88ed0a78b5f512d4a0ac2b1508a1dd
SHA1

073eb04d85eb995ab0729fab05cf81d7cc730166
SHA256

b72c7113b62b5c57c950bf2d67a707363ddad871008b4f8a0a25a5f34ea16f90
SHA512

a3188255aa2d991d60230e658ff68a895917fc5db74025aa876f4fee6f663bb984f35efe77d68c72ff21a82afe1ecdc3cb18d23f434b5ac2b3ab336d66541d8e
SSDEEP

6144:Z1Yk7RnxF3BEuTP0PvdA8r1eqABpxEJPlLsiJEwpCzvkSm4krOs7DB:fYex0uT8Hq6eqABvuPl5K5Rkvh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2272	de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\de88ed0a78b5f512d4a0ac2b1508a1dd_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of UnmapMainImage
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2272-1-0x0000000001C10000-0x0000000001C5B000-memory.dmp

Filesize
300KB

Download
memory/2272-0-0x0000000001BC0000-0x0000000001C01000-memory.dmp

Filesize
260KB

Download
memory/2272-2-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2272-5-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2272-4-0x0000000001C10000-0x0000000001C5B000-memory.dmp

Filesize
300KB

Download