Analysis
-
max time kernel
95s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 20:37
General
-
Target
f6d00fedf69b08c66b1afe87d7bfb524_JaffaCakes118.exe
-
Size
292KB
-
MD5
f6d00fedf69b08c66b1afe87d7bfb524
-
SHA1
6b6e69a563e98aaf7a0622bb64fb297388733b7b
-
SHA256
f266741655937e50afa79ff961be469aa16d2027be44a92c9b09b6e372c0d154
-
SHA512
559ef011732b971f9df5aa68b3c6bce7fd636988806cfe7812b9bb3e1322a572e14489b1e16da07ae87b51c57d4aa1fc7578cc74e66559b524bd64e2cd83e7d4
-
SSDEEP
6144:xYR9mkexYKi5Q80JWX+tm08i+wfg+AQukBcbB1hqng:Tkeji5T2jm0gwf/Pd+V1heg
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6d00fedf69b08c66b1afe87d7bfb524_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6d00fedf69b08c66b1afe87d7bfb524_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 4602⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4576 -ip 45761⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
211KB
MD5588576bb384d431e281b6f628e76c5f4
SHA1872a20b4a9a2f2ee6aa55f4dbfb19d3f03db82d6
SHA256fbd29b1e5ca8690fecdef4d18b8e7126a7988fdcc379673141156c16f0f6233e
SHA512dc8aaf11436f02d2ab583238a122532890bcb3e7769343aaafab0372f89b2fd15e3191378b2f5c39b4b1b0be6ae6c4780147d56c6bc817061d2ebb3ff9313b59
-
Filesize
216KB