bdbc51ec4a2dc28cbb3cedbaff4aae13a348297b0f912a17c46e8ae4d92e9398

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe
Size

84KB
MD5

740b24951d55cfe08b0d11b2d78dcc8d
SHA1

28fea9564ffa0adb7170541eed7d4f2dc1eefa53
SHA256

bdbc51ec4a2dc28cbb3cedbaff4aae13a348297b0f912a17c46e8ae4d92e9398
SHA512

16a77194291d8e6ab71da4086d01ce011b9a6a2b9dd5fd97245b7fef238eb8501e89b16a12af582f7859c325523ced8d7b283a077d5c7ddffc18d69849394acb
SSDEEP

1536:7J5qR9tA/40fOemS1J/ySTllxsEZfxRCv95pKJA5rM/VsZ6yf7lRofMAwn:7JU3A/HBllxs2mlGwMMpjlRofen

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3020	3004	WerFault.exe	28

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29
PID 3004 wrote to memory of 3020	3004	740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\740b24951d55cfe08b0d11b2d78dcc8d_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 260
  2⤵
  - Program crash
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads