68087813622b66eb7e03679ae9015d6098fc4aea131eff8d0ee93344f818b38a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae22b1110abb73934484f09ba1eb5908_JaffaCakes118.exe
Size

24KB
MD5

ae22b1110abb73934484f09ba1eb5908
SHA1

658dccb54121935afd0d59dcf74a5f8a84d63c8b
SHA256

68087813622b66eb7e03679ae9015d6098fc4aea131eff8d0ee93344f818b38a
SHA512

92ff2983d011b8d61c1322d10d124ac3b47df81e1e9056167b13bb92864b0440d62de5bcd5a4f7d66c209b0bd8e26ae117dd0cb426ba0b3f4ccbd4010f8f000b
SSDEEP

384:Aees2vD+SqfPk8UWlJEfuzHAFCgIN3wx1M1Uy0LBCf/1AJIwCF9UKDb:Afs2qSqfFBPEfmEIN3SMWyp/cpE9Uo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae22b1110abb73934484f09ba1eb5908_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

C:\Users\Admin\AppData\Local\Temp\ae22b1110abb73934484f09ba1eb5908_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae22b1110abb73934484f09ba1eb5908_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~18.tmp

Filesize
10KB

MD5
1b041b89de8730ce73a81ca00bd4396f

SHA1
7a987eec8d58bb26d30ab48b3a81c78f89410cdc

SHA256
5b9109d0adf77e886f40f3f28ab12caa4253ec2ad79b886eaca45a88fee98225

SHA512
247e6614f1c81ae11e111fe6b8f6f3acb415253bb5a4e13cf9700effc020a32c7d4148eb86cc77cf492175427edc12d20e1ec919e5134fd777fe7d7085d6a940

Download Submit
memory/1948-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1948-1-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1948-14-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download