3daa9cf8cbf7cfc41b3167b7906177338a992e00a4441b9ce6f9c2eb81b66ffa

Analysis

max time kernel
93s
max time network
65s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-10-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe
Size

3.2MB
MD5

6c2597fdd22234c2e738ca0d8f05be66
SHA1

1d7b0760ff254f2858f14d6effd25de2b9d24d45
SHA256

3daa9cf8cbf7cfc41b3167b7906177338a992e00a4441b9ce6f9c2eb81b66ffa
SHA512

e5e8a99d071372b428674362e35e809e3baaea2de5a2d3fdda88f814de1200307f38a794214034889bec3183910e1ed08e393d74b5a910f20c30a20c7e093255
SSDEEP

24576:QkcetLrKpZRQ5zSLHMLj0G46jlV7cmjl94j9srIq7w0HqOT7IsMCfrXB4h8iaVAz:Q6xKH8siNjTSi7j1DXyh8ij0En

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 1232 6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1232	6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6c2597fdd22234c2e738ca0d8f05be66_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1232-0-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/1232-1-0x00000000013C0000-0x00000000016F6000-memory.dmp

Filesize
3.2MB

Download
memory/1232-2-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download
memory/1232-3-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download