ee4e20a1179bf641e6d9f627a8731b9504c9a3a0e71e9582c465275c9eeb3da3

Analysis

max time kernel
134s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb0666e83e4cd7dfde92a7ee39b7f84c_JaffaCakes118.exe
Size

39KB
MD5

fb0666e83e4cd7dfde92a7ee39b7f84c
SHA1

a3e2a63f3119f46c7d5cb175881c35393ac7b81b
SHA256

ee4e20a1179bf641e6d9f627a8731b9504c9a3a0e71e9582c465275c9eeb3da3
SHA512

c7f2362838e28b045345932998453992e0361e6377babed85f8ae5734de7d5e5ce001a6ca9d9babee3beaf89f7630c5364b971066d00bd69c72b4172fd90c493
SSDEEP

768:NWOkZE1xeIH1NrM5e7WJXMz7akw1LIQzTGf/:NF2E1NV5M5eGMfTwlIQy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb0666e83e4cd7dfde92a7ee39b7f84c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fb0666e83e4cd7dfde92a7ee39b7f84c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb0666e83e4cd7dfde92a7ee39b7f84c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-0-0x0000000000400000-0x000000000040AAF0-memory.dmp

Filesize
42KB

Download
memory/2772-20-0x0000000000400000-0x000000000040AAF0-memory.dmp

Filesize
42KB

Download