Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
28-09-2024 19:06
General
-
Target
fcf4bcbb79f8103b67682e97a2a9950d_JaffaCakes118.exe
-
Size
333KB
-
MD5
fcf4bcbb79f8103b67682e97a2a9950d
-
SHA1
1d99e4936392efec9a1ad10be639ea7f1e9de042
-
SHA256
4a9d4f19cabe78f02ddd2fda3cb10f68c9ac0bac618bf9a2125ad926fe39f698
-
SHA512
92ba9dfe864a0436000cd08f514d17d3b0baec30e412cbc60be33682921c6375897b083c5ee020fe455b57b4747c78b9fb9d65ed37f50b200c038375f9fbd996
-
SSDEEP
6144:1gtOTJ1h2edlUEyGz6K6Vp1DyK82rLNRrt+49YrGkjAs44JnR2BRLfQp:1gcTJTlYRVp1WPyLfr9YrhnngfT
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\fcf4bcbb79f8103b67682e97a2a9950d_JaffaCakes118.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\fcf4bcbb79f8103b67682e97a2a9950d_JaffaCakes118.exe2⤵
- System Location Discovery: System Language Discovery
-