e5ff3c2b154279e6c829c13c2d39c496578475ef6080ede946e0a2ae1a19a4ea

Analysis

max time kernel
145s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

165ee7d416c562a7c0967d43dcef1d6c_JaffaCakes118.exe
Size

517KB
MD5

165ee7d416c562a7c0967d43dcef1d6c
SHA1

b8fc63afc95461a6e9bdedb64edc0520db89dc89
SHA256

e5ff3c2b154279e6c829c13c2d39c496578475ef6080ede946e0a2ae1a19a4ea
SHA512

5bd5a7696f8c1c255ad234b9ad31490124a5c584d78516c40c059d3b5916b2be5db01a7f24ac33f6f341a4fe25519f9f39e001746f33892e2e0c464f56d7afca
SSDEEP

12288:Y7+hRM1BemRaf5VmQUOB6D/DTP3XPB+9s/9zCCFyaPBq3qr7ftmTf:u+hVQaf56Dn085s3qvtsf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	165ee7d416c562a7c0967d43dcef1d6c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\165ee7d416c562a7c0967d43dcef1d6c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\165ee7d416c562a7c0967d43dcef1d6c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ServUDaemon.ini

Filesize
43B

MD5
03760e189eaf94e21702ff2fc5a49c45

SHA1
b80c4314554faa05395a213bcf547eccb6f7e542

SHA256
cd559840a9038ff38f340d7705687818d4195bb82df984afb31c4c5dd3d55791

SHA512
7abebed0364b3aa0fcca4a7ae8461983ac948fd6792b530f42c8bfd32e3d65c9ff0381b87c01983ce39bee1ca7bb3f5bc87739934dcaf08e3a29784eadb5addc

Download Submit
memory/1232-0-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-47-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-51-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-54-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-58-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-65-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-68-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-72-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-75-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-79-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/1232-82-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download