79dea1e3fd2c97d7a9757f678721c586d98404df9b9a1e3f98f399e7bcda4a80

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0f617310cd81d1175edc446ec0b59a5_JaffaCakes118.exe
Size

21KB
MD5

b0f617310cd81d1175edc446ec0b59a5
SHA1

94f247413e0be839f487acd9a6a4f332b570dbb1
SHA256

79dea1e3fd2c97d7a9757f678721c586d98404df9b9a1e3f98f399e7bcda4a80
SHA512

9960ce283e9a53afd620c7597db2954d5eb8d4963b611d2480e6a16c8a9e89a7211975e461ae70a6fcb5895ae8e5471ac532b2804649935cbb8b404f23023076
SSDEEP

384:b7vkNzincBcNADupl2+RMNbBwvbSwLkNarRjbA0AjxiugE7+cD:Pk0ADuS/V+Sw4NGbO1Zb+cD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0f617310cd81d1175edc446ec0b59a5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b0f617310cd81d1175edc446ec0b59a5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b0f617310cd81d1175edc446ec0b59a5_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...