49e68d004ef7c1d28fa35cdccee070c33e12e4058fb0262badb6ed7107f0dc1a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15980b511c91361f4ce965469baa5965_JaffaCakes118.exe
Size

390KB
MD5

15980b511c91361f4ce965469baa5965
SHA1

4024029fdc750c699049cb2cf4cc8508eb9f4bc3
SHA256

49e68d004ef7c1d28fa35cdccee070c33e12e4058fb0262badb6ed7107f0dc1a
SHA512

e8fa06e932058a7e56cf68713393799191c810491e0c03fc02ccd5c81af4417c2a368734931a6f8f90510717ff583db21b7dacf1db6400e0ca1e1e40a45dc607
SSDEEP

3072:Dtyeu1miLu7JxyKWK48edaLPpaUPi2JDJsBRDh3v3rl5/NfWsqLnfJQiAe5:ZyP1mg+yXh80aFaUPi2FKrlgh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15980b511c91361f4ce965469baa5965_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\15980b511c91361f4ce965469baa5965_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15980b511c91361f4ce965469baa5965_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2628-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download