b52ae54ce845b4794800b595ffb8e62f57dd19a4bb7e4d00e8ad2c1696973f33

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbe9909511a41ba1f2dadd81f0417c99_JaffaCakes118.exe
Size

245KB
MD5

dbe9909511a41ba1f2dadd81f0417c99
SHA1

f25360c3c3ecf2710842461830f64faa1dbe5499
SHA256

b52ae54ce845b4794800b595ffb8e62f57dd19a4bb7e4d00e8ad2c1696973f33
SHA512

a4246da8fad369bc18523c9d9ce1107dd2752a2272ec32e9c7c9c279c8b4218224ea8bef4b8eb6bbac346c57cb22d63bf663ba0fe2e27827dd14fbe01782ed90
SSDEEP

6144:OmKxZKomT8RXKUUrT+GIqDQZSY0G7hgrAkRpUZfk0BUC1Eqe:OmKjU8XUn+GIqDQZSfGVSRG20ee

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4756-0-0x0000000000400000-0x00000000004BA000-memory.dmp	upx
behavioral2/memory/4756-2-0x0000000000400000-0x00000000004BA000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1472	4756	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbe9909511a41ba1f2dadd81f0417c99_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\dbe9909511a41ba1f2dadd81f0417c99_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dbe9909511a41ba1f2dadd81f0417c99_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 520
  2⤵
  - Program crash
  PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4756 -ip 4756
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4756-0-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/4756-1-0x0000000000640000-0x0000000000642000-memory.dmp

Filesize
8KB

Download
memory/4756-2-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download