a08c3b8d235d0d9a65b2f90fabe4f5031a0378e77d72bf037d8d160671649e49

Analysis

max time kernel
134s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 09:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b2f2235f43767eaefbd340542fb47fd8_JaffaCakes118.exe
Size

12KB
MD5

b2f2235f43767eaefbd340542fb47fd8
SHA1

6c093f4cbf4ee340c2ce3ef2f1ba1ff17423898d
SHA256

a08c3b8d235d0d9a65b2f90fabe4f5031a0378e77d72bf037d8d160671649e49
SHA512

7db0faeadd91ebb434ea55642d9f44d5b37e724de24b979080f42ab67096d8e1f8effdfcfd983e6f96a745d418a8f2ace552d38a7dbf24834f8b6e1d43da731f
SSDEEP

192:cWWtO1xwNpv8bJlPVaW3l0vdV+HRu10QO+ZdHIBXOMnjeBW:cWAOKv8bJpn2vDs9QjZdHI9J

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b2f2235f43767eaefbd340542fb47fd8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b2f2235f43767eaefbd340542fb47fd8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b2f2235f43767eaefbd340542fb47fd8_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3152-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3152-1-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/3152-2-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3152-3-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download