Analysis
-
max time kernel
43s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12/06/2024, 20:19
Static task
static1
Behavioral task
behavioral1
Sample
a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe
-
Size
824KB
-
MD5
a22cfe45e6506faed5a82de112d6d6e9
-
SHA1
5fdf13920c21ce47c38eeddb779876c32083b5da
-
SHA256
aaa5ad3087ec9011c36cd77d5611f8d88fe72fc933e2469bad1703344b318767
-
SHA512
dcef86282a00f2f0a0e509476d9992409798169b1342feef5818740e06438302afd05f08aaf32d6ebc476a5370b1cd7cc363a492df8a0b97922b3292acce6e12
-
SSDEEP
12288:NxIOeB8PJwMIpP3ey7PQWbjLvo7nQpTPAQl1JW4Pr:NxItBeIZ/x7RPr
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe -
Program crash 3 IoCs
pid pid_target Process procid_target 1912 4268 WerFault.exe 81 2292 4460 WerFault.exe 88 2420 4488 WerFault.exe 89 -
Enumerates system info in registry 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\ a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 4460 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 4460 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 4268 wrote to memory of 4460 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 88 PID 4268 wrote to memory of 4460 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 88 PID 4268 wrote to memory of 4460 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 88 PID 4268 wrote to memory of 4488 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 89 PID 4268 wrote to memory of 4488 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 89 PID 4268 wrote to memory of 4488 4268 a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4268 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 7002⤵
- Program crash
PID:1912
-
-
C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exestart2⤵
- Checks BIOS information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:4460 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 7003⤵
- Program crash
PID:2292
-
-
-
C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exewatch2⤵PID:4488
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 7003⤵
- Program crash
PID:2420
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4268 -ip 42681⤵PID:2664
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4460 -ip 44601⤵PID:3636
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4488 -ip 44881⤵PID:2392