Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-08-2024 09:38

General

  • Target

    99c349044c895201afe69771755c2b92_JaffaCakes118.exe

  • Size

    330KB

  • MD5

    99c349044c895201afe69771755c2b92

  • SHA1

    9664f0c3af95301d9f5353a126f8c602eca8df99

  • SHA256

    dc44d44f032228171073e7160bda9b33abe894e521b29c88a4a01475df87fce4

  • SHA512

    d6029bb1091bf35ea6742e772513a185845228a8e5d43f6a4411c1ab50b2bfc1282d743d1d2f352d2b4a3ffa5547e12e5647e55b96923e5b6444769ac93f215f

  • SSDEEP

    6144:msz4Ogq9OdIhstU2zYMUSfesQtpMib+qzcT7T6R4RUHGqVNv:sOh9OdIhxQYMfesQhqqzk7T66cBvv

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99c349044c895201afe69771755c2b92_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\99c349044c895201afe69771755c2b92_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 468
      2⤵
      • Program crash
      PID:2704
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3844 -ip 3844
    1⤵
      PID:4016

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads