Overview

overview

3

Static

static

3

eaca14628c...18.exe

windows7-x64

3

eaca14628c...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaca14628c88103e6df06f3c225ba20c_JaffaCakes118.exe

  • Size

    31KB

  • MD5

    eaca14628c88103e6df06f3c225ba20c

  • SHA1

    8af2f8bae99b3a7c3f1a661e02e05228fa4a8b00

  • SHA256

    de513ecaec42444adf81a3854460c756c82220b55ef29ec4078df3a02d0d6993

  • SHA512

    dbde5a402b7ebcfaee39f9ef484eb71dc1c2a155cfbdcfb10feff9b8a049fe42becaadd9d18b09640fe45f7c71e8bad2671549c07b0b4a4cb7fc5fa6d8301800

  • SSDEEP

    768:Z+h7TzTBziifTeiZSVWihwEknh0L7OTLeNfQfQ:kZ/nEkh8OTKNl

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1396
      • C:\Users\Admin\AppData\Local\Temp\eaca14628c88103e6df06f3c225ba20c_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\eaca14628c88103e6df06f3c225ba20c_JaffaCakes118.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2524

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1396-2-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1396-5-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2524-0-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2524-1-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2524-14-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2524-15-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download