Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    01-08-2024 20:58

General

  • Target

    81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe

  • Size

    27KB

  • MD5

    81c352576856dc184a73d5eb384dedbe

  • SHA1

    5852c1162d6b1e6b9f66a56ab329745649443868

  • SHA256

    b977842a6dec296a10bb633b5f832c1792811d1728d52194b3d99983258fb080

  • SHA512

    03e9948ad8f04e67ff176dbbb2b94e95fdece4f2284cc219a6e45cebf9557ac5a3dc1fe062a04a2db7fb2717b31884a0a6eaa1ae996dbb9b331314f3f08b02d7

  • SSDEEP

    384:6suX+PucCf71PqjuuI0jYWv+/GHMy9Vrd40mueUa2TYtD9le+tkYbZ68EoI:S+WjfZiSuaWvO8z9MpUa39l8YbZQoI

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 88
      2⤵
      • Program crash
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1924-0-0x00000000003A0000-0x00000000003A2000-memory.dmp

    Filesize

    8KB