f18e5dc734b909a49892cec1d6ac204b2177408071a885a6c71fe627b00bc444

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe
Size

2.8MB
MD5

ff8dd500089ef3b578d283169d029e1e
SHA1

50ec18340130995857a6aa0913312d4ab2bdb61a
SHA256

f18e5dc734b909a49892cec1d6ac204b2177408071a885a6c71fe627b00bc444
SHA512

ab6296cac678c175e4cf73a79f503c0dca06d3485685c83117b3fc35fb5b575433bacccab31688f09a0bf140e1608fa3ea139652e932d3f1e7d194c8805459da
SSDEEP

49152:E++DRB1wjtC+3393VLjz8393VLjzZHHHTLzz12icrew6qYzJ+J5lnaHvo3MXcz:X+DRBS872iyF6qGiPaHg3M

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4792-0-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download