b9e499a6f95d175a20e84d5d1bb0b83a1a2076f7512b01cb9ab9a2f84b8aa8ba

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Size

181KB
MD5

566a876fcc23868729930e0dcce62bce
SHA1

8aadb3c6c8f9fbaeeb282b4923f540a90eb29a1f
SHA256

b9e499a6f95d175a20e84d5d1bb0b83a1a2076f7512b01cb9ab9a2f84b8aa8ba
SHA512

030f5d4fb3eae5b93b1a2ef89bb5ca8a9cb291121ef2bb8535fe8d9e9a4932b50c8156f1b879b02d40e99f1a2a0aaf1ef923ba621cd9058e9f604869318bd7d4
SSDEEP

3072:B3uS8TBBWZz2vuZAJh4qp5UI5/cu1Ww8NopUD4Exa4+T/gd1XD9crHIK:FrWBBWZz2WZAr4qXnWvDD4FFK1XD9ix

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sThousand = "."	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sMonDecimalSep = ","	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sMonThousandSep = "."	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sShortDate = "dd.MM.yyyy"	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\iDate = "1"	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sDate = "."	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\sDecimal = ","	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2744	566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\566a876fcc23868729930e0dcce62bce_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2744-3-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download