f2133b6983664dc58e2fa1fae060baff1d30239e5a496c71ea7748363603762a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b081118d6bc98c1651a5beaac9b1d36c_JaffaCakes118.exe
Size

2KB
MD5

b081118d6bc98c1651a5beaac9b1d36c
SHA1

24a580a11e0e8bc51ad4cba54fa691084872811b
SHA256

f2133b6983664dc58e2fa1fae060baff1d30239e5a496c71ea7748363603762a
SHA512

8e7fc4c62277096921dda14c4738f6bf1dc4d5f6a28978ecde912be3da0a140a8d07d17ccb5a4cadc4247fc502bcf9030e3afffad1e042196192a890bb561d97

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b081118d6bc98c1651a5beaac9b1d36c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b081118d6bc98c1651a5beaac9b1d36c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b081118d6bc98c1651a5beaac9b1d36c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3888-0-0x0000000000400000-0x0000000000400A40-memory.dmp

Filesize
2KB

Download
memory/3888-1-0x0000000000400000-0x0000000000400A40-memory.dmp

Filesize
2KB

Download