Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 20:55

General

  • Target

    a41e074bfa41815efdefecaedf8325c7_JaffaCakes118.exe

  • Size

    12KB

  • MD5

    a41e074bfa41815efdefecaedf8325c7

  • SHA1

    0f1d1012d1a1a362c740e86d560c1355b5e07dd1

  • SHA256

    a21c8e665851fb27ad2c04a83efe15e34577fef89378502befe8e6851d592d4d

  • SHA512

    85807ce968893ef86494e5cf90c1ee20b67db45b2d9854518d01c4b3e93ddde5d6fed62a589e5b6cf785db6ffa7ab8e0e6cd911f570e2682e2df4604522d8b4f

  • SSDEEP

    96:c6OuUx0H8mR2Kh3My+n9Korx7Lj71yQtQKQYQ:c6OuU6H8htxrxz7MQjQYQ

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a41e074bfa41815efdefecaedf8325c7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a41e074bfa41815efdefecaedf8325c7_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 88
      2⤵
      • Program crash
      PID:2532

Network

MITRE ATT&CK Enterprise v15
