d952ccc072f3b70e7553eb21c78c06bb9f829889546e121e5db5fbc8c9b84d69

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea962a00bbd01dd28586ccf7b05b66c5_JaffaCakes118.exe
Size

28KB
MD5

ea962a00bbd01dd28586ccf7b05b66c5
SHA1

01273ed41f88bddb1b901a060f90eaa492f212ce
SHA256

d952ccc072f3b70e7553eb21c78c06bb9f829889546e121e5db5fbc8c9b84d69
SHA512

726c1a3902dfbc467d366cf54430cb399f199fab2206c518d3528170ca7f6abf375ac9b028eb59d5eb7840b7d6dcb83a656b71bdd2f20de9214dcdb95aec73b8
SSDEEP

384:blFxCFRQE3+MuOEDKHNn2MAvYleowJYzFNVnQTf1mojs:DQxi6NdaYlexJAVnEUM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea962a00bbd01dd28586ccf7b05b66c5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1160	ea962a00bbd01dd28586ccf7b05b66c5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea962a00bbd01dd28586ccf7b05b66c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea962a00bbd01dd28586ccf7b05b66c5_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4328,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads