d0b90624a2b416502acf89535e09975b9e8e5ab8bee4c63cffc5ac847b2f5b3d

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacf7e71c1a5b5c11aa25170e1c3deb7_JaffaCakes118.exe
Size

125KB
MD5

eacf7e71c1a5b5c11aa25170e1c3deb7
SHA1

6a8e12756dcda5d177a02d7a938ef6bdf8833c7c
SHA256

d0b90624a2b416502acf89535e09975b9e8e5ab8bee4c63cffc5ac847b2f5b3d
SHA512

5cf04e75d95ba8ab5d979304763f19a59c29eeed02affbf4c7bb2806a0fecdd7c0c591e190cdc31218f7b8a616a0c73f56f25098039e5cf88830be1f8d6ff8ed
SSDEEP

1536:eZuEDl5o4czaYHoecn0q+HCTYOSItQlgdjgNdqleEAd6VutOUCQwvk8/7:eZxDl5o4ceY6SHEYOSzC1guyhOUCpzD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eacf7e71c1a5b5c11aa25170e1c3deb7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eacf7e71c1a5b5c11aa25170e1c3deb7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eacf7e71c1a5b5c11aa25170e1c3deb7_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-0-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/884-1-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download