6eeb2b57feedfd2a1064b73889860eef7b6681ae83a0af1f7ac1d227f631e1a9

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31/10/2024, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82768fd8d0d50156c81888a6a44334f0_JaffaCakes118.exe
Size

90KB
MD5

82768fd8d0d50156c81888a6a44334f0
SHA1

c48a16bf40ab229871abd5c249e17e56ede195c4
SHA256

6eeb2b57feedfd2a1064b73889860eef7b6681ae83a0af1f7ac1d227f631e1a9
SHA512

75ce0cf83aee9068a99bc1196f432ed915799e979f2db262708ad83c4d41603d4bd8b2b3b2ef965ed1f6a13ee1583f9c6b00a6a50be14f9807895744f9e97dcb
SSDEEP

1536:pFbhN3KwQR2aqVPv3r5qCVQwZquIFTa4ETv25+RcKYfO95m+L25IPY/C9s:H330Qpv3b6w8uI1tETw+RpNL25ISCe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82768fd8d0d50156c81888a6a44334f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\82768fd8d0d50156c81888a6a44334f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82768fd8d0d50156c81888a6a44334f0_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-1-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-2-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-3-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-4-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-6-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-7-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-8-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-9-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-10-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-11-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-12-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-13-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1740-14-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download