c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 07:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe
Size

248KB
MD5

d3e517e198379ed5b8faf580bef47961
SHA1

5daf25a32e1a3f8dbbf14d488487c0175d266d60
SHA256

c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a
SHA512

3902b8f850c5d1242840f7c61d38b677a7d98356097c939dd2f06ed9d18f1391784775ca213b1d3cf5a1e661f2d79a14f250bbfb8202124646ac89e451b0d162
SSDEEP

6144:5Qscj0zoT9nfNARb+m4hOZTIpZh3usSoSVGM:yQzoT9fNAcmeV4xoS

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3744-0-0x0000000000400000-0x00000000004AB000-memory.dmp	upx
behavioral2/memory/3744-3-0x0000000000400000-0x00000000004AB000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
832	3744	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3e517e198379ed5b8faf580bef47961_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 268
  2⤵
  - Program crash
  PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3744 -ip 3744
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3744-0-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download
memory/3744-1-0x0000000000640000-0x0000000000654000-memory.dmp

Filesize
80KB

Download
memory/3744-3-0x0000000000400000-0x00000000004AB000-memory.dmp

Filesize
684KB

Download