de2703dcde272092502912bec66819b2d7d8e68b2a0578cae053ed38cc552feb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab94bf75abf26062819c3ebf3bf91330_JaffaCakes118.exe
Size

545KB
MD5

ab94bf75abf26062819c3ebf3bf91330
SHA1

69471247db70e3807afd8f8f5f329573882228c3
SHA256

de2703dcde272092502912bec66819b2d7d8e68b2a0578cae053ed38cc552feb
SHA512

1801bdbc9657184b631fc5b88db77f07143d4a07af5ef7d078eb6446ad00510fc4d34f3bb9c4c67b87ce3f850538fe6f04830ec2759710395c8b03d7189e2fd4
SSDEEP

12288:t0j52pk0HjJ7NpLZzXfFrDcJp15HkY24eB1+x5N8A:M5YkMF7NNZzXfFr4/15HkY2o5N8A

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab94bf75abf26062819c3ebf3bf91330_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ab94bf75abf26062819c3ebf3bf91330_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ab94bf75abf26062819c3ebf3bf91330_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download