Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-08-2024 09:38
Static task: static1
Behavioral task: behavioral1
- Sample: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
- Size: 330KB
- MD5: 99c349044c895201afe69771755c2b92
- SHA1: 9664f0c3af95301d9f5353a126f8c602eca8df99
- SHA256: dc44d44f032228171073e7160bda9b33abe894e521b29c88a4a01475df87fce4
- SHA512: d6029bb1091bf35ea6742e772513a185845228a8e5d43f6a4411c1ab50b2bfc1282d743d1d2f352d2b4a3ffa5547e12e5647e55b96923e5b6444769ac93f215f
- SSDEEP: 6144:msz4Ogq9OdIhstU2zYMUSfesQtpMib+qzcT7T6R4RUHGqVNv:sOh9OdIhxQYMfesQhqqzk7T66cBvv
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
- pid: 2704
- pid_target: 3844
- process: WerFault.exe
- target process: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
- description: Key opened
- ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- process: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs
Processes: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
- pid: 3844
- process: 99c349044c895201afe69771755c2b92_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\99c349044c895201afe69771755c2b92_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\99c349044c895201afe69771755c2b92_JaffaCakes118.exe"
  PID: 3844
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 468
    PID: 2704
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3844 -ip 3844
  PID: 4016