Analysis
-
max time kernel
139s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/08/2024, 18:53
General
-
Target
945217ff6a2a54d759730eb17b17a663_JaffaCakes118.exe
-
Size
48KB
-
MD5
945217ff6a2a54d759730eb17b17a663
-
SHA1
9acb38c6531f2edb4bf6eb070451a4d6506a3886
-
SHA256
15ba9a974098b9296957875083062b1113c0615a943d8897ec2758c965e68d65
-
SHA512
a9bcba5ae9d643c55586a6c8970f4422500b03aa46eb233889a8fb1cd4acfd81c4c24afd82251548f8a99911777359e4c94b5b55bc7a015b0a4db4876b2d8c64
-
SSDEEP
384:E+/knl/RuGqiNAd+uVETXQTASlu5aXtHou/5nNbRQiGNdDSsFqJS+Dryd8p+u:ZWM5d+uVETXQegXlxzW6p+u
Score
8/10
Malware Config
Signatures
-
Stops running service(s) 4 TTPs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\945217ff6a2a54d759730eb17b17a663_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\945217ff6a2a54d759730eb17b17a663_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c sc stop wscsvc2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc stop wscsvc3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c sc stop SharedAccess2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc stop SharedAccess3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-