00d1534a2aa753bd662835494350584cf02efdc5e7907dba0b2f7bc2f2ce3581

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe
Size

148KB
MD5

dbbeec6e6627494094818c0f73d3eca5
SHA1

15c19c3a1a3b37100f99c321cd7064a45ca80a0c
SHA256

00d1534a2aa753bd662835494350584cf02efdc5e7907dba0b2f7bc2f2ce3581
SHA512

fd48d40a9b5338bd24482d7406a248b10a7cbbb6e046158e44b3b60c5fa3d8ca13f058ccfec8b8781eb7ef4cd71164ffd1d130cd3cb74a71c0930005603d98bd
SSDEEP

3072:ZmiTAkV7hbaeOPkwXZzh2yHo5v6q9Y5EF:ZfTbbjOT2V5CD5C

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\download.png	dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\vmmreg32.dll	dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3768	2808	WerFault.exe	85

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2808	dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dbbeec6e6627494094818c0f73d3eca5_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 464
  2⤵
  - Program crash
  PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2808 -ip 2808
1⤵
PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2808-0-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2808-7-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download