Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240730-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-08-2024 20:58

General

  • Target

    81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe

  • Size

    27KB

  • MD5

    81c352576856dc184a73d5eb384dedbe

  • SHA1

    5852c1162d6b1e6b9f66a56ab329745649443868

  • SHA256

    b977842a6dec296a10bb633b5f832c1792811d1728d52194b3d99983258fb080

  • SHA512

    03e9948ad8f04e67ff176dbbb2b94e95fdece4f2284cc219a6e45cebf9557ac5a3dc1fe062a04a2db7fb2717b31884a0a6eaa1ae996dbb9b331314f3f08b02d7

  • SSDEEP

    384:6suX+PucCf71PqjuuI0jYWv+/GHMy9Vrd40mueUa2TYtD9le+tkYbZ68EoI:S+WjfZiSuaWvO8z9MpUa39l8YbZQoI

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\81c352576856dc184a73d5eb384dedbe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 264
      2⤵
      • Program crash
      PID:2144
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1352 -ip 1352
    1⤵
      PID:2356

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/1352-0-0x00000000004E0000-0x00000000004E2000-memory.dmp

      Filesize

      8KB