8cfbef75c95ab53a367e1fe8cd61e2ceab401aee4f97a8ef01cba904f1c99ce3

Analysis

max time kernel
140s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 05:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

120fa65b2c7cbe38a84219fe8f70c8bf_JaffaCakes118.exe
Size

229KB
MD5

120fa65b2c7cbe38a84219fe8f70c8bf
SHA1

3807d4ccc657c821756977664544009ec822eb89
SHA256

8cfbef75c95ab53a367e1fe8cd61e2ceab401aee4f97a8ef01cba904f1c99ce3
SHA512

7ec108f2a6246e07914c81657a35bbae2c3301cb6748e2cc027800cf2e60d71895189fb37a1092de4022851afc8e9b2c6f6f291a3df27a396c70333417d133bf
SSDEEP

6144:FZ3iOMNfO48zIZBlSK5SsbHdapQ0XbmilK:FZ3iOsmETSsbHdEhXbm/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	120fa65b2c7cbe38a84219fe8f70c8bf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\120fa65b2c7cbe38a84219fe8f70c8bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\120fa65b2c7cbe38a84219fe8f70c8bf_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-0-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/1824-1-0x00000000004F8000-0x00000000004F9000-memory.dmp

Filesize
4KB

Download
memory/1824-2-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/1824-3-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/1824-4-0x00000000004F8000-0x00000000004F9000-memory.dmp

Filesize
4KB

Download