eb0c863c4f89b6915ec1e2adc1e135a1fe9f67a72837b68e3686035698c589c8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b67421a948a0b890b655523f8eade4ff_JaffaCakes118.exe
Size

290KB
MD5

b67421a948a0b890b655523f8eade4ff
SHA1

bb251f721438cae3773c6d240fdf4774c43d23b7
SHA256

eb0c863c4f89b6915ec1e2adc1e135a1fe9f67a72837b68e3686035698c589c8
SHA512

4b7107a435c6639121fe6c1abf5afc8dd4f9c1ac83f82d7888b0f40e87182e3ae0b0484117d6fbc17b229076624829e91f79c43b50c12263742d1fc90a46175c
SSDEEP

6144:cfsUV09Du+Rc9DMQtc9LMojzmx1i68Nby67pkkDvarndYLx3IhpD:Ap2C9DGh1wi6AyephDvcY13QpD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b67421a948a0b890b655523f8eade4ff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b67421a948a0b890b655523f8eade4ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b67421a948a0b890b655523f8eade4ff_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3048-0-0x00000000021F0000-0x0000000002231000-memory.dmp

Filesize
260KB

Download
memory/3048-1-0x0000000002240000-0x0000000002290000-memory.dmp

Filesize
320KB

Download
memory/3048-2-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3048-7-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3048-6-0x00000000021F0000-0x0000000002231000-memory.dmp

Filesize
260KB

Download
memory/3048-5-0x0000000002240000-0x0000000002290000-memory.dmp

Filesize
320KB

Download