Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
24-08-2024 19:08
Static task
static1
Behavioral task
behavioral1
Sample
bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe
-
Size
32KB
-
MD5
bf396539ff4b4f3faffbdf160aac277f
-
SHA1
a4536386532c8c2efa8b65f922dc36ccf0fadd15
-
SHA256
c9a97982215af6bb8f99bb9c531fd1f209773c8bcd830dfdeaf2956da585f92e
-
SHA512
e73fa45fbbaf0c1dca861940808eb4c748262c098c7ece00c621cb8b355297b6a4465b80bbbf8deebef0af12bea525140c66eaf409703d7f0ad87c63d184ded0
-
SSDEEP
384:0ti6U5IAZmN/mWw/IyBOcv7SuCfbP9ht+HEu3LcU9Uq8:0o6U5ImSw/IMPGusbntSE8W
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 704 3016 WerFault.exe 83 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3016 bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3016 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 4642⤵
- Program crash
PID:704
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3016 -ip 30161⤵PID:4420