Overview

overview

5

Static

static

3

fb52ca88bc...18.exe

windows7-x64

5

fb52ca88bc...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28-09-2024 02:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb52ca88bca8b2fb54ffb3da032e2923_JaffaCakes118.exe

  • Size

    14KB

  • MD5

    fb52ca88bca8b2fb54ffb3da032e2923

  • SHA1

    3b9abb5672df6e88ecdc85ccc1d08b95f9a97df6

  • SHA256

    c69ba37ab887ff79dda584ea84b72d2f028b008a41fdb3ef6f620f93eecbfbd9

  • SHA512

    9876d77a77f5bfaf3d996c48a60e2f105115c7baaf43138dc02d8320525080a0b0863dcb056e46bd2f0896c97dfae927069c5cf6d2deeb4008241fc388c17dec

  • SSDEEP

    192:nZv25ZnSFzyZCAtyn+jSKyeIRaV23YDfzNB+ptBV5A5nxqOwyDvpInRST2E6J:525ewty+FAc3DfOB+wylX2E

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb52ca88bca8b2fb54ffb3da032e2923_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb52ca88bca8b2fb54ffb3da032e2923_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\21435
    Filesize

    186B

    MD5

    ddd7b9de2762817229b19dcca8e0c7ee

    SHA1

    709f7e1d87760ac2fd5423af466ddfc04090f1bd

    SHA256

    ed0c11884bf8d6680a7b9d9f96795df47aeaec1390d1d27acc228f80199aa72a

    SHA512

    80af0d507dcf9daed8bf0e967618a5fc4b5541076527f8b3af458b480bbeb060ffb6d2fc6c54eac1c2aab7e18192b8a00b8b4e9ae3dfc8cb809bcac1b25d86ec

    Download Submit

  • C:\Windows\3883060245387507
    Filesize

    149KB

    MD5

    01f1086cc143b18d1e481875d017e128

    SHA1

    50c7bf57ed876a1d904e82ff281c77cb3712151c

    SHA256

    10c6efdbedf81ef4e5cd2faf0ef924032b98d662a5158b11e18e2757face3482

    SHA512

    3802dc72262e20eeae96b08c79d089554a66a528022560f8dfced90ff506730496dda7992b7b58b54b2fd0d27f4454b5af5fd1df7c1dfd598a6beba5b34f3e88

    Download Submit

  • memory/2136-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2136-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2136-33-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download