Analysis
-
max time kernel
141s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
18-09-2024 15:20
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe
Resource
win7-20240903-en
3 signatures
150 seconds
General
-
Target
e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe
-
Size
674KB
-
MD5
e9697e0f92341559d4583ea11a00ccd6
-
SHA1
fa2a98911bd37a586d31225c5a952d1c66b2feed
-
SHA256
2bdd84d0f8b35ba65759a3c3036d37b3b3e812e891b4b2dbbd6e632675af15fd
-
SHA512
c4a4e3b523d70ecd99014927445c189b0615a9e21ac294c7b95dfb4a5fae83ddb01b398017d8ed34a3d7739e28fede1e84b84478a9b98936026523f9b19ae6e2
-
SSDEEP
12288:n3TdtLW5WIj1YSSdFxxAiQBBSXyMzBUWb9lx/9AgHLo8OW+rBj:3Dsj1dEBTWBcJ9nPx/igrp+1
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2320 2480 WerFault.exe 30 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2480 wrote to memory of 2320 2480 e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe 31 PID 2480 wrote to memory of 2320 2480 e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe 31 PID 2480 wrote to memory of 2320 2480 e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe 31 PID 2480 wrote to memory of 2320 2480 e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e9697e0f92341559d4583ea11a00ccd6_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 1922⤵
- Program crash
PID:2320
-