99388d771c1a694ed7aa7e1e7e3ea2e8e0cf723f41f62a1bb4ce0ec39c643500

Analysis

max time kernel
140s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 16:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ebc94592afef910213938061e164735a_JaffaCakes118.exe
Size

1.1MB
MD5

ebc94592afef910213938061e164735a
SHA1

ab076eb832cb3b0c540a515f5d12e4c3ed5344c1
SHA256

99388d771c1a694ed7aa7e1e7e3ea2e8e0cf723f41f62a1bb4ce0ec39c643500
SHA512

62b85bf64ae5831e23012633f76f99dbfc136ae253b8f765f9b0fc6581fd4634bc707e1f31bfe89283dad14a2065f009d0639504f517635a7c3d9afed7c829e8
SSDEEP

24576:cP0m6ybExmCOGdRw6N1sUOHKLhNTdcB2wXoDUVQYQR12TVo+dM1amsCpo9:g0PxmnMmqTdcWUs72JMNs79

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebc94592afef910213938061e164735a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ebc94592afef910213938061e164735a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebc94592afef910213938061e164735a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-0-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/524-1-0x00000000024B0000-0x000000000259A000-memory.dmp

Filesize
936KB

Download
memory/524-2-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/524-3-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download