9eebf8a3e21cbbc53fd423b18ff1eb120b5177a56dbbd70d2730c97aef6a0276

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe
Size

292KB
MD5

bf149b918c23fc43a7b9fa412c331177
SHA1

aa8b3675108b23fed9dd065511b2d3255c019158
SHA256

9eebf8a3e21cbbc53fd423b18ff1eb120b5177a56dbbd70d2730c97aef6a0276
SHA512

ec6bc3de7ea0e327394a6fdb65ef67656fff362a22a1e64d995094af88ddc59ed788aa62f01e49406243af627d0cdd20931ee1244ce670b0d8808bb741e2567b
SSDEEP

6144:/qsl3QOD5/PYZs0QD0naaIyQ37CvuYKUDeTs3JGyBvnmiG:/qsl33HYZfQD0aaQ3mPzesJGyo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2652	bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dnp7551.tmp

Filesize
51B

MD5
5b9dd761b03ed6ab8bd086bbe29aedd9

SHA1
20f19aec87e1bb03d491e515b32b6c178023ab76

SHA256
e903313f8414e3474a9ea28eef6b7d9ec1b623d8747208b4f63c4be4a3c4debb

SHA512
81079d7c5ba49fc6ea3061ac93a0a1e7600c0fa0e9220821ed9eccbd0ea80e21b1e8979478cc5ef105c8c5f8203ef4f05083e6f385197c5f8eebb7329c0cd9a1

Download Submit
memory/2652-1727-0x0000000000400000-0x000000000047A200-memory.dmp

Filesize
488KB

Download
memory/2652-1726-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2652-1725-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2652-1729-0x0000000000400000-0x000000000047A200-memory.dmp

Filesize
488KB

Download