1c2739828759947f4d953a426203f7ed56d12d3ac15bcc9d5643873df619522e

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f736c8e42284e3e743f25b55cb7a204_JaffaCakes118.exe
Size

25KB
MD5

3f736c8e42284e3e743f25b55cb7a204
SHA1

bd14393c4d2224961ba30245fdb5ba048909c9e6
SHA256

1c2739828759947f4d953a426203f7ed56d12d3ac15bcc9d5643873df619522e
SHA512

b6a4e9780728d762acc470383d26fbf8303b395868fcc3b4deface6ec42360453e5c631c18a6f23a9c1a06594e5f8df9f0b3f9b96999c12316c633bbe06c8393
SSDEEP

384:DbXJeIoaxan0lpuDgdrjr58rvOmns4COuRa+RdrpWl/Wfa:DbX5Ran0lpuarZ8rvRLwYM4Wa

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f736c8e42284e3e743f25b55cb7a204_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3f736c8e42284e3e743f25b55cb7a204_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f736c8e42284e3e743f25b55cb7a204_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5108-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5108-1-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/5108-0-0x0000000000580000-0x0000000000584000-memory.dmp

Filesize
16KB

Download
memory/5108-3-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/5108-5-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download