5fe82c503168a92a8274bbe85b22574b07b41c0ad76f892405b2156d06f49e6d

Analysis

max time kernel
139s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 21:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

94c10bc294cd1509d690ded5d4ae2b2c_JaffaCakes118.exe
Size

176KB
MD5

94c10bc294cd1509d690ded5d4ae2b2c
SHA1

3bda4234782b1b099c42c26885192194dafa7ba2
SHA256

5fe82c503168a92a8274bbe85b22574b07b41c0ad76f892405b2156d06f49e6d
SHA512

40a51c3a9de3772984a2ed265924972801acddbed20c24225423d520b712ce44ddd70c3215915276014ceb311fc009410cf8dc0e301a564128e620d75e87f7c1
SSDEEP

3072:hMZLFLBpfw80Ejxjw0v17/JHAGGki3lCek8ZSb+nvam7/nYVsIkYzGb8k:hMZLFtBZ0Kx51Di3ZCRm7/nCGdg

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	3788	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94c10bc294cd1509d690ded5d4ae2b2c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\94c10bc294cd1509d690ded5d4ae2b2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\94c10bc294cd1509d690ded5d4ae2b2c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 348
  2⤵
  - Program crash
  PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3788 -ip 3788
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3788-0-0x0000000004000000-0x0000000004074000-memory.dmp

Filesize
464KB

Download
memory/3788-1-0x0000000004000000-0x0000000004074000-memory.dmp

Filesize
464KB

Download
memory/3788-2-0x0000000004000000-0x0000000004074000-memory.dmp

Filesize
464KB

Download
memory/3788-3-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/3788-4-0x0000000004000000-0x0000000004074000-memory.dmp

Filesize
464KB

Download