d9b256faf828ea5585227841cfe8d384774fbac5e5e55b0dad5125d3af86e9ed

Analysis

max time kernel
95s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_25450849d2cf016dcdda97abeae2288b.exe
Size

204KB
MD5

25450849d2cf016dcdda97abeae2288b
SHA1

7db9882a46173d7c61b88ef741e5dfd280f74ed5
SHA256

d9b256faf828ea5585227841cfe8d384774fbac5e5e55b0dad5125d3af86e9ed
SHA512

9d159f57a3d24d268b5d49652294f9fbc87e5ad935651987cb5ba21694964d9ea78a8eb49dbbf3310a8fe0f2e9805e2488d49b2d32f63c83d44dd5b76a27e41a
SSDEEP

3072:njAqi+TogitjfCqObAjYxxNO9WYSRTFDDr7oA3qZ8PoIW2j6e:njAtbljO0jyNvFDMA3qKoLe

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4340	4184	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_25450849d2cf016dcdda97abeae2288b.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_25450849d2cf016dcdda97abeae2288b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_25450849d2cf016dcdda97abeae2288b.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 328
  2⤵
  - Program crash
  PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4184 -ip 4184
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads