36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5

Resubmissions

30-12-2024 03:08

241230-dmxswswnbm 10

Analysis

max time kernel
95s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5.exe
Size

232KB
MD5

90632d25d3285bc8637e0f09f72f4a23
SHA1

499447a3c9514ba6cca7240724a1827e33611251
SHA256

36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5
SHA512

a36964b74757e9744e5e336e91b732c5aca0b70d91d281baef852fb803664057d96dbec012b81fc96364fda87d04009ab5fec5d18fc3c7a175cd93e9de20f12f
SSDEEP

6144:mIAemRt6tUKi01pjLS8mYtX/u5Qiov1aXjVO:mIAeYt65dFmYtvGoQXj

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4152	2920	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36311b654d273c1fcffec933d02b6ae5fb48dfc7efd18017cb0020b4fb03c3a5.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 224
  2⤵
  - Program crash
  PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2920 -ip 2920
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads