615c42c39a90c5bf3a79f56bef91a940480bfc0f6218514869057e5c88a3db7e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 19:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1036aa4174c88a59612049e89f13a022_JaffaCakes118.exe
Size

66KB
MD5

1036aa4174c88a59612049e89f13a022
SHA1

e163a96c1ad832e3edecfdefa185e53521bdf48b
SHA256

615c42c39a90c5bf3a79f56bef91a940480bfc0f6218514869057e5c88a3db7e
SHA512

0229c1a6e3b9ec03ab808038a5dd377957889ece931e17513a810f7160f4f666ea00064d6ead5a3318eddfea3d1eddc5cba811ca5b938f2944c9b00b6a3ccc30
SSDEEP

1536:5jEve/A9uyi7cJs/Q4+2A1FMgCfXC8QXy91d3YxE:5jEvB9uJQ4+rFNaXC8QXyR3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1036aa4174c88a59612049e89f13a022_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1036aa4174c88a59612049e89f13a022_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1036aa4174c88a59612049e89f13a022_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/232-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download