773c3c1cf57e83346e2d6fd16564b0ee7ecb10e02b67c657cd0c489a79902022

Analysis

max time kernel
94s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe
Size

308KB
MD5

13d65ee538dda2cfef676170bd49794e
SHA1

dd4da8486056c30c09d93d2350b2de7291ebe087
SHA256

773c3c1cf57e83346e2d6fd16564b0ee7ecb10e02b67c657cd0c489a79902022
SHA512

738fd4de34b1a878602c10fed75b21a3fb5248a978eceb79a29d57a92cde213a04695f692fc40b06f768733741fe193500fab72acfe49a46f63c390396d3eb8a
SSDEEP

3072:fb1jkNuet1umvFgQDMvoBreteIF3esf10X3hTlOgKIdQv6UBk5cREBJ93hiEpJTH:fBjkNvumOQDHIF3eQaToBWku5cexPvB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4676	13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe
4676	13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe
4676	13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe
4676	13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\13d65ee538dda2cfef676170bd49794e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads