985b5698448c58949e7413de58241219bea5cbe4b87dda36350ff91d113af859

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 22:07

Target

0ca6c239c0e51f3954e7576b18d742f4_JaffaCakes118.exe
Size

2.5MB
MD5

0ca6c239c0e51f3954e7576b18d742f4
SHA1

b303618e1ee837755a38d5da9d64ea9d1580630d
SHA256

985b5698448c58949e7413de58241219bea5cbe4b87dda36350ff91d113af859
SHA512

a446014af4ebf7328903ff02116a0c65dcea3e04994a5aa795f0482eead16b0481d766b69ff1fb544fba8746cb84b5953dccb8f630931f1cb51322a02eec5529
SSDEEP

49152:Xh+l1vRhWIkhNRmMyMqurxqAWaotFi0JaPze2dtdwCJeEfsx/kS:XARhWzhDmMyMqMLoCyJ2dtdwke

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ca6c239c0e51f3954e7576b18d742f4_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2900	0ca6c239c0e51f3954e7576b18d742f4_JaffaCakes118.exe
2900	0ca6c239c0e51f3954e7576b18d742f4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\ProgramData\Icons\cache.info

Filesize
68B

MD5
009c2f1af106ffb442ae1358c5574884

SHA1
810270906e8ef2f149b6a16066e78e14c6952edb

SHA256
0b47a30a09d54f91aeca12b6b1c8b894918bd21a01b733d26404a392a87099ff

SHA512
5035ee13d8a158a53460433330dd96ef7bf071ed8efea3e88aec8211dd98555fe4a967f255bb9bd330853d44397a2cea9fc872addf9450c3191a9b7113e0d195

Download Submit