Analysis

  • max time kernel
    94s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:42

General

  • Target: eac7a15fa8096f6c678bba2dd3ee584c_JaffaCakes118.exe
  • Size: 3.2MB
  • MD5: eac7a15fa8096f6c678bba2dd3ee584c
  • SHA1: d1db26680cf0e678acd1909bb860cc2f16b2255c
  • SHA256: 621202764da6d4b8fd9ae8dd15a0204dfec5d8941b42e86c3ee3aac01df90cd8
  • SHA512: e203d46cf7c4af673e6003b97079408ea95c70c3c6176f2ac4059513de91680570bb6677350a57840da30723d6a277068c9c7a7c6161f9c7b094b9cbdecfa1bd
  • SSDEEP: 49152:u8fIo2ysJlvGtOXyspW1CGAzihxtTlJj4ORRrZ0s5PKYTKUbge2mv/8C:hIo2yIGIXyRxhl144rFVge2mv

Score: 3/10

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac7a15fa8096f6c678bba2dd3ee584c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac7a15fa8096f6c678bba2dd3ee584c_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 824
      2⤵
      • Program crash
      PID:3700
  • C:\Users\Admin\AppData\Local\Temp\eac7a15fa8096f6c678bba2dd3ee584c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eac7a15fa8096f6c678bba2dd3ee584c_JaffaCakes118.exe" -downpower -msgwndname=wpssetup_message_E57A6DF
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2576
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4460 -ip 4460
    1⤵
    PID:2832

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\tempinstall.ini
      Filesize: 330B
      MD5: ce733119e104724fd1b9c474a8fe859e
      SHA1: 813b25d9752f8b3acb43bf4988348b0918762e3d
      SHA256: 17c1de0ef5bdfac7efa90f262e1a98728becbc31998176f72ffe3dcc7a86398e
      SHA512: eb1d7e404e958f2f3d85a7f8a8030d0dd8f4c3e6638f6706a5787042c08808fc12a44661ac0188c41ecbdc7aed50e299f86cc8587c063fecca0493783fcc58d9

    • C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
      Filesize: 216B
      MD5: e0eb3528d8906d23ebe025d853ca89d4
      SHA1: a50f6adba95855aa90cdc26ec00fe98df0ed8f4c
      SHA256: 163c1563df2c06f48f7e16c12910f73bbca1a00fa5c80cc1ab33f0b470192f97
      SHA512: c0399488758c16a6836dcea28166e20bd0a3eb8e5e3508a73e1f61a7edac1ecb8d0dd32fc237986b53f0b5c1375f5a41b0158b7371d11c3bed80a86f922fdf1b

    • C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
      Filesize: 1000B
      MD5: a8818df0338122cec17f3b3989bbf204
      SHA1: e4d14ce376817306f167399a951c1b2b1b0bfc8b
      SHA256: d85400badb8002cb98b054b8b252e24ffcf93d52cb926b6f9b52bc8ce3ac6675
      SHA512: 1611fa46454ec227b6927810e15ed238f2b9c541cd7ff6286f491d89a6c3b4cc98f28b424bfa7e4b225628265f19a78c5dac61531a04c66f266e01c35ec6aed7

    • memory/2576-24-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
      Filesize: 4KB