Analysis

  • max time kernel
    134s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 18:55

General

  • Target

    a7d32f2f8d442fefc472c12f3e31597b_JaffaCakes118.exe

  • Size

    211KB

  • MD5

    a7d32f2f8d442fefc472c12f3e31597b

  • SHA1

    c4255f54e7ee93849f65e2bbc4331bb5e5943b09

  • SHA256

    466d2b5c7407880d90ec9043e2aaad4074d7f95c88bb69effc936e45268ee272

  • SHA512

    bac4d50d133ad6f67401e10da5050ee62472f39b33cbf73a04107176aab6c4463c216429889e8bbad4a18aece5fc761e52b50cd10e5e67f102fb3a74dcebfbb0

  • SSDEEP

    3072:LsTdwBYOIPPjXYiFnZWpil6GGHU4E6lvbyOurCrOIHhEB453w:LsTyw7XYiFnopil6PUsZBSIHhk45g

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7d32f2f8d442fefc472c12f3e31597b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7d32f2f8d442fefc472c12f3e31597b_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3060
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 264
      2⤵
      • Program crash
      PID:4596
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3060 -ip 3060
    1⤵
      PID:4912

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3060-0-0x0000000000400000-0x0000000000425000-memory.dmp

            Filesize

            148KB

          • memory/3060-1-0x0000000000400000-0x0000000000425000-memory.dmp

            Filesize

            148KB