Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24-08-2024 19:08

General

  • Target

    bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe

  • Size

    32KB

  • MD5

    bf396539ff4b4f3faffbdf160aac277f

  • SHA1

    a4536386532c8c2efa8b65f922dc36ccf0fadd15

  • SHA256

    c9a97982215af6bb8f99bb9c531fd1f209773c8bcd830dfdeaf2956da585f92e

  • SHA512

    e73fa45fbbaf0c1dca861940808eb4c748262c098c7ece00c621cb8b355297b6a4465b80bbbf8deebef0af12bea525140c66eaf409703d7f0ad87c63d184ded0

  • SSDEEP

    384:0ti6U5IAZmN/mWw/IyBOcv7SuCfbP9ht+HEu3LcU9Uq8:0o6U5ImSw/IMPGusbntSE8W

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bf396539ff4b4f3faffbdf160aac277f_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 464
      2⤵
      • Program crash
      PID:704
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3016 -ip 3016
    1⤵
      PID:4420

Network

MITRE ATT&CK Enterprise v15
