Overview

overview

3

Static

static

3

eaadc2e3d4...18.exe

windows7-x64

3

eaadc2e3d4...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaadc2e3d4b8f1e3271415db7a82f879_JaffaCakes118.exe

  • Size

    91KB

  • MD5

    eaadc2e3d4b8f1e3271415db7a82f879

  • SHA1

    d4cea3f2325c91a878ebc421d44e907f86a412b9

  • SHA256

    974ff39414bdd20c50bc542feace9e4b6d6c69f1af6ee9948ca637ffeb9c9f0f

  • SHA512

    61d9eb08f516d77d135325edd9d2b7e5579fae3e232deb045d58528ec48108f3b561d3abffe45503b7351d9bf76932cf95817f1cd15e579c835db35dfacbece9

  • SSDEEP

    1536:CPvJNJ0qFyRPbsLqPb6E5zQVC3Gj6wFwB258bOeFlXAAj:C3JqYL6dUDE258aylXAAj

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eaadc2e3d4b8f1e3271415db7a82f879_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eaadc2e3d4b8f1e3271415db7a82f879_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\SysWOW64\wscript.exe
      wscript.exe "C:\Users\Admin\AppData\Local\Temp\{4D74B2D2-9647-4A39-BD93-27AA6507A4FC}\Installation Windows 7 Start Button Changer.vbs"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{4D74B2D2-9647-4A39-BD93-27AA6507A4FC}\Installation Windows 7 Start Button Changer.vbs
    Filesize

    873B

    MD5

    5dc1da9d6bfbea38b0d6a952bcb3d206

    SHA1

    8f6de10033e4afb61040c0758d8e30fc0dcaa753

    SHA256

    cd77b4b918763feb610bc63c2ad5ef224744766558c14a48624efb57ba01d40a

    SHA512

    8a3305c07a1b50f26ad714567fee901d79e2057d7ae73c0de9a88ee17420a7725db708674cb38b877d895ac0ceb588064ddb583a00235bfccddb22158a17c7ac

    Download Submit