Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 17:03
General
-
Target
2d20aa9e75e9aec50a4610fc23ce58cc_JaffaCakes118.exe
-
Size
94KB
-
MD5
2d20aa9e75e9aec50a4610fc23ce58cc
-
SHA1
ec2999d056ca491257e382f286c0832a9f757c48
-
SHA256
90852138877bfab2117ae5e728d95ebe5663b22dc3fb6629cc1307f4548669d7
-
SHA512
bc6d05e037f01953359b8edd123d36830dc2cf2d9d5b44b3493810ef4e41d63bc1947a60c987173a10efcbc91a152ea1e86533186bf17e4e3603f43f47df701e
-
SSDEEP
1536:8zpPRlUMSwm41TqS6+3gWPInY6Dr8bY89fNPTMYe1iczEuRiO2rPoDSbd:8VPRSMXpwu6Dr8sKQRhArwDm
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d20aa9e75e9aec50a4610fc23ce58cc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2d20aa9e75e9aec50a4610fc23ce58cc_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 4962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 5322⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1912 -ip 19121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1912 -ip 19121⤵