Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11/09/2024, 17:34
General
-
Target
dadf7d6c9c4d577f4a87eed53a0105ec_JaffaCakes118.exe
-
Size
157KB
-
MD5
dadf7d6c9c4d577f4a87eed53a0105ec
-
SHA1
6c7d3b479bc515d93cb0d3aa137762ef0ab186a3
-
SHA256
914d91f1a9fef5b0fd9f3620e0e8c9c049af55a7e3a4cf26f350daddae62b419
-
SHA512
5969956ff8956c0b1e95b8f3d36ef858491568cba22d136d3db4a47b1d31c614628dd5e7ad3bc7587c1b4eeb82c24c5dfdc40991181f80d3a76add27f67653fa
-
SSDEEP
3072:h5HStQcl5cn1cbKWhT/ABoSOyi6wbPNP2KGq1ix5uBqJf0aC:hBSmc0nUNyoYq0qL3aC
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dadf7d6c9c4d577f4a87eed53a0105ec_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\dadf7d6c9c4d577f4a87eed53a0105ec_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 1042⤵
- Program crash
-