5872a44a9775a52e5b0cf96de4e70159816c008b5c896c2b454887386c6d6830

Analysis

max time kernel
142s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac091b7e8fec4a3d8d82ed9f86fb397e_JaffaCakes118.exe
Size

393KB
MD5

ac091b7e8fec4a3d8d82ed9f86fb397e
SHA1

426e7bee9f40e3ff4187cbd911522cc5e152bb5a
SHA256

5872a44a9775a52e5b0cf96de4e70159816c008b5c896c2b454887386c6d6830
SHA512

326e73d823f5f18d2c1459514530408dbd995ddec0d9ec6b382ee732a2ee2e5a3f61de08fc1828efb41157ffd2e90678874019f5b1b48e74ae9c87badbf9d404
SSDEEP

6144:SGHgRyd/UhmDZ7VPQnRJ9D6issXZlYdYVWqjUEFPhH:SdyekDZ5PM9D6issKDEHH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ac091b7e8fec4a3d8d82ed9f86fb397e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ac091b7e8fec4a3d8d82ed9f86fb397e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ac091b7e8fec4a3d8d82ed9f86fb397e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/788-0-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/788-2-0x0000000000401000-0x000000000043B000-memory.dmp

Filesize
232KB

Download
memory/788-3-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download