23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751

Analysis

max time kernel
94s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 23:18

Target

JaffaCakes118_23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751.exe
Size

188KB
MD5

8dc8a21ae5cfd2d71604b17a33d5cae7
SHA1

f485c82f17cb2bd941311a3ab4dbd9feb2e78e45
SHA256

23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751
SHA512

6736da4a1886f64b81dfa76af5c1f9e67f891db2c802328620bec96b96f3fa4b89032bb6c16efa9c83882273e55fd6126d42e875e44133f1781a175bddd32980
SSDEEP

3072:6bC7w8k/ChytOQZ33X9Cvnr7HXJDGVpVBRxYURD49zoHZsQXF4ff:6QqWc3tCvr7HXJ6V3xnD6IpK

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1476	JaffaCakes118_23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751.exe
1476	JaffaCakes118_23897d7267c3c7bfb2ad91a2fe70e7ea43e0655305e2d15e643556c3709e7751.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1476-0-0x0000000001650000-0x000000000199A000-memory.dmp

Filesize
3.3MB

Download