e16d926d08b6223f2b357a56578e504178ecd3d78fa837d47ed445707fbdcb7a

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cff3f80725ed4334c3c1eeda203eb01_JaffaCakes118.exe
Size

50KB
MD5

2cff3f80725ed4334c3c1eeda203eb01
SHA1

a7ea198ff907d99c79a50cd2a4a9231ae59e7956
SHA256

e16d926d08b6223f2b357a56578e504178ecd3d78fa837d47ed445707fbdcb7a
SHA512

8de7699ff8f8120c7c44448e4e9e02d961daa014142365a484fafd7b6f1d8d35f5bedf3bd101c04cadd0827b3ed7f500fe2c0788ac954e6e9b5810187365b44d
SSDEEP

1536:1Ie98O8iPa4aGbYrNXz1EPMI3kXQHJ2E3Q:1l8O8iCtGUzuj0XZO

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5040	1856	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2cff3f80725ed4334c3c1eeda203eb01_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2cff3f80725ed4334c3c1eeda203eb01_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2cff3f80725ed4334c3c1eeda203eb01_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 228
  2⤵
  - Program crash
  PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1856 -ip 1856
1⤵
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1856-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download