5b70d74bb7be76d9b52ca78e4f57267b0a972a327e33d8e553b1341d4cb7ff2f

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 02:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5f0e1310fa1e42f1d986667ed86a287_JaffaCakes118.exe
Size

126KB
MD5

b5f0e1310fa1e42f1d986667ed86a287
SHA1

03c823fb41e66a48ee3272ff46976a5bb40d6416
SHA256

5b70d74bb7be76d9b52ca78e4f57267b0a972a327e33d8e553b1341d4cb7ff2f
SHA512

2fed9a172f3ade702c03b6a35187fb2af1cfd12e6a5feb7b773c70e7870140ba77d66dd13f833b2523aafceb62dbb1b5d25b26e7c3f203df0dd8ce84c7f142d1
SSDEEP

3072:2gUTfowKS+QZFFmcNPhjj2Xcs14Ih7u0TS:2DTYS+Q/FrN5jjuR14Qy

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1304	5080	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5f0e1310fa1e42f1d986667ed86a287_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b5f0e1310fa1e42f1d986667ed86a287_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b5f0e1310fa1e42f1d986667ed86a287_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 256
  2⤵
  - Program crash
  PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5080 -ip 5080
1⤵
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5080-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5080-1-0x00000000009F0000-0x0000000000A1D000-memory.dmp

Filesize
180KB

Download
memory/5080-2-0x00000000009F0000-0x0000000000A1D000-memory.dmp

Filesize
180KB

Download