Overview

overview

5

Static

static

3

ad3cfbd108...18.exe

windows7-x64

5

ad3cfbd108...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 00:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ad3cfbd1082f3e7b5bbb40cb5ec231b1_JaffaCakes118.exe

  • Size

    42KB

  • MD5

    ad3cfbd1082f3e7b5bbb40cb5ec231b1

  • SHA1

    9ce453bdb7c792636ae4dc7e0c0f33cb51e2e57b

  • SHA256

    818a5b4c6f3b6c8e8b1ad39a672c87daf9e110cfe69c305e9467808f08b8251f

  • SHA512

    aac65b573d8f122779e2fd808a69441d607a1368e7e1d7bb0ade7436752f56f26df624a1c6ac923b748cd2523fac421b53daf97b5a691e3ccc66ceb16bf756a1

  • SSDEEP

    768:wiDFdyr+I16et/sZIzx7Mj29fNgKXecfcrxRD5C0rjFB2hpUm2XEh:tDOrdom/sZI+jONgpcfcrxRDJrJUhpFh

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad3cfbd1082f3e7b5bbb40cb5ec231b1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ad3cfbd1082f3e7b5bbb40cb5ec231b1_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\ad3cfbd1082f3e7b5bbb40cb5ec231b1_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\ad3cfbd1082f3e7b5bbb40cb5ec231b1_JaffaCakes118.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2240

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2240-9-0x0000000000400000-0x0000000000408960-memory.dmp

          Filesize

          34KB

          Download

        • memory/2240-5-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2240-7-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2340-0-0x0000000000400000-0x000000000042F8AC-memory.dmp

          Filesize

          190KB

          Download

        • memory/2340-1-0x0000000000401000-0x0000000000402000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2340-4-0x0000000000450000-0x0000000000480000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2340-8-0x0000000000400000-0x000000000042F8AC-memory.dmp

          Filesize

          190KB

          Download

        • memory/2340-11-0x0000000000400000-0x000000000042F8AC-memory.dmp

          Filesize

          190KB

          Download