Analysis
- max time kernel: 132s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-05-2024 16:38
Static task static1
- 1 signatures
Behavioral task behavioral1
- Sample: 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
- Resource: win7-20240221-en
- windows7-x64
- 8 signatures
- 150 seconds
Behavioral task behavioral2
- Sample: 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
- windows10-2004-x64
- 2 signatures
- 150 seconds
General
- Target: 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
- Size: 1.0MB
- MD5: 6f25f293c29c85c7c08d021a41caa15b
- SHA1: bce3e77dac423b080cadec18c9a820baec89b640
- SHA256: b1796bc0553d93dc9a9f9b1f005a13945bb2b45f21d06fd79287e157b81cc2bd
- SHA512: 377d1165b85b211bad63a36aeb7c44efb53784ff257727481934454499a3a1813d26290c8083a938f8b9a0bb78abf64b5d088c50a2decdbfbe871b16f1beec0f
- SSDEEP: 24576:EG5GnG/E0SeW/uqmJFaZquJcAzukEo+b3IYbZ9l6w9ayq:v5GnG/E0iuqmXkHETIggbyq
Score: 3/10
Malware Config
Signatures
- Program crash (2 IoCs)
  Processes: WerFault.exe, WerFault.exe
  pid 3596, pid_target 2564, process WerFault.exe, target process 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
  pid 4496, pid_target 2564, process WerFault.exe, target process 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
  pid 2564, process 6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\6f25f293c29c85c7c08d021a41caa15b_JaffaCakes118.exe"
  - Suspicious use of SetWindowsHookEx
  PID:2564
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 380
    - Program crash
    PID:3596
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 388
    - Program crash
    PID:4496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2564 -ip 2564
  PID:2956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2564 -ip 2564
  PID:1608