785d9a3c9f67aa9ee351876fc38cd2cb8f764e202d290b5c207375e5049c2646

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead29c8f128af58e866c79c08fd4558b_JaffaCakes118.exe
Size

2.9MB
MD5

ead29c8f128af58e866c79c08fd4558b
SHA1

2638e85d7cfae021513b8afc869d53d9c962de19
SHA256

785d9a3c9f67aa9ee351876fc38cd2cb8f764e202d290b5c207375e5049c2646
SHA512

0be9fc91ca30ca53d491f47c47803c954c256a2c41cc6d363f8a698bb36f83db656389232df58d5cacc31c667456ec0439c319ac392517bf6836b9e9a17cff5d
SSDEEP

24576:ncQTk+JXAFDSm0RmwuFqA6VAEDPrvgxNoPccU7VBZ9g3ZidFlXQQxgej6bm8VSsu:nyZ0lVAkDvaIchVP9Yi5N+PXkZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ead29c8f128af58e866c79c08fd4558b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ead29c8f128af58e866c79c08fd4558b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ead29c8f128af58e866c79c08fd4558b_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x00000000003A0000-0x00000000003F2000-memory.dmp

Filesize
328KB

Download
memory/2208-2-0x00000000003A0000-0x00000000003F2000-memory.dmp

Filesize
328KB

Download
memory/2208-3-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download
memory/2208-5-0x0000000000400000-0x0000000000FAC000-memory.dmp

Filesize
11.7MB

Download
memory/2208-4-0x0000000000400000-0x0000000000FAC000-memory.dmp

Filesize
11.7MB

Download
memory/2208-6-0x0000000000400000-0x0000000000FAC000-memory.dmp

Filesize
11.7MB

Download
memory/2208-8-0x00000000003A0000-0x00000000003F2000-memory.dmp

Filesize
328KB

Download
memory/2208-7-0x0000000000400000-0x0000000000FAC000-memory.dmp

Filesize
11.7MB

Download