b1da1488ff59f6ac6b37e73d6e90c160407b04da9b1c6ceec89fdba552f97b46

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

135d5d32df5ae223d43521244de955ea_JaffaCakes118.exe
Size

140KB
MD5

135d5d32df5ae223d43521244de955ea
SHA1

7f4399dd257a4921449767b932e47b1dd922b07a
SHA256

b1da1488ff59f6ac6b37e73d6e90c160407b04da9b1c6ceec89fdba552f97b46
SHA512

ff8138bc100f93efb9ca3c48cf428de0610f04158358b26613cce01f59d3a8ba0693854eaa92b842d6b9ce0511b760531af60844ca46b528e988f430937d901d
SSDEEP

1536:u7Nx7zA4eBF2GQRVVsRQ5gRkmqeO0D/btGSRSh5+OsSCW:kNVzLeBF2vVqwmRDtlEh5+OZV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	135d5d32df5ae223d43521244de955ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\135d5d32df5ae223d43521244de955ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\135d5d32df5ae223d43521244de955ea_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3044-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download