09c99b6da5a3ad8e2879407d4070f077cffc06436e0032f420c5b3bcb2bd06bd

Analysis

max time kernel
94s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 14:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f62b52024e8ba29d0dcf56704e896a8d_JaffaCakes118.exe
Size

125KB
MD5

f62b52024e8ba29d0dcf56704e896a8d
SHA1

d9d4af8d1bf14819de2a006c39d63268e1a91e86
SHA256

09c99b6da5a3ad8e2879407d4070f077cffc06436e0032f420c5b3bcb2bd06bd
SHA512

e5e9e51ac7953ffff2cd78226f02b5800a60a0184bc5c099f3b627735704c594377c6c628e8ae3acd19193f1379050ad6d40d4015a8ff8ee4cfa9a6acb940854
SSDEEP

3072:eZxDl5o4ceY6CNHEYOSzC1guyhOUCpzD:yZgeYDaSzwguy4UCp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f62b52024e8ba29d0dcf56704e896a8d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f62b52024e8ba29d0dcf56704e896a8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f62b52024e8ba29d0dcf56704e896a8d_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2628-0-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2628-1-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download