68680109d96945d54533025e7c0980bb6cf723dbe21589c02c02b0eec77c66c6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418fd1b142ce8d484b017677c7ba33e7_JaffaCakes118.exe
Size

298KB
MD5

418fd1b142ce8d484b017677c7ba33e7
SHA1

3fd7830fc431be9b1844eb1403c69a5f112000b5
SHA256

68680109d96945d54533025e7c0980bb6cf723dbe21589c02c02b0eec77c66c6
SHA512

0da46c02e2ffa9805080f525ad1f7c9c9cd93d8c8a7a3abbe4710a00ef61e8c28937d6797a7f29c6a4beff7c13842d49d3a3ba55896163f58e7e14b31e66f7a6
SSDEEP

6144:R0+N1vNAwzqEybL8ediqLnFH4ua12BM6SZMIE0Yqe/uq:mSrAXJ8eHLDo6MC0Yqe/b

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	418fd1b142ce8d484b017677c7ba33e7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\418fd1b142ce8d484b017677c7ba33e7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\418fd1b142ce8d484b017677c7ba33e7_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-0-0x0000000002240000-0x0000000002282000-memory.dmp

Filesize
264KB

Download
memory/1192-1-0x0000000002290000-0x00000000022DC000-memory.dmp

Filesize
304KB

Download
memory/1192-2-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1192-4-0x0000000002290000-0x00000000022DC000-memory.dmp

Filesize
304KB

Download
memory/1192-5-0x0000000002240000-0x0000000002282000-memory.dmp

Filesize
264KB

Download
memory/1192-6-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download