efa6a4e70e6f498a22b2325bf6aa7e347e20d888314845de479de0449858e7c7

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

844d4b99a564f7fee4f03e008455d5c4_JaffaCakes118.exe
Size

80KB
MD5

844d4b99a564f7fee4f03e008455d5c4
SHA1

abdc590ce1163d4dee80ea5ae8fac70fece2a83e
SHA256

efa6a4e70e6f498a22b2325bf6aa7e347e20d888314845de479de0449858e7c7
SHA512

3bacff8d9db23c3d5908c1e54400a661363afcb2acbc0ebb4cd82778bd1048f698650f7aa12feb60e4552ac6a98d2a5149177ab1a4e0782297db5e4af7f9eeba
SSDEEP

1536:4kAgmUvPQMKTwL3VuWG3Z7wyEXuUdb5EDl9w:tAgmU36ArG3Z7wyEXD5Ex9w

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	844d4b99a564f7fee4f03e008455d5c4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\844d4b99a564f7fee4f03e008455d5c4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\844d4b99a564f7fee4f03e008455d5c4_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4568-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download