7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771

Analysis

max time kernel
93s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 12:02

Target

JaffaCakes118_7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771.exe
Size

185KB
MD5

4655c639bda01c8fffe46b575cac27e1
SHA1

e96193ad367e53185430daea8502b48e84f1abaa
SHA256

7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771
SHA512

230133d12bd85a9efb45a51cbf565184e184f2b5cfd70ae8259b4648f0380c817e040e8a87fc5489a515f63b48b3b010ab10de451de8e7c26a83f1afcfa44aac
SSDEEP

3072:hnSzFrFYlynsGe11WeX7gMK09aaa6FQv8+Hsyh51S6JWs1joNmJ5cZC+:AAlJ2eXcmad6FQvdHlh51+s1M8jc9

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2552	JaffaCakes118_7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771.exe
2552	JaffaCakes118_7a4477979dee6700a6134b8fd8a3d465ee1a7732fe8522fb9f2d378f665d8771.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2552-0-0x0000000000CE0000-0x000000000102A000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1-0x0000000000CE0000-0x000000000102A000-memory.dmp

Filesize
3.3MB

Download