Analysis
-
max time kernel
96s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-10-2024 22:22
General
-
Target
07a8d0d3b90d2223f7c0cf80d6447df7_JaffaCakes118.exe
-
Size
128KB
-
MD5
07a8d0d3b90d2223f7c0cf80d6447df7
-
SHA1
b1330aaced99d221097e66b0044dff8c5ee3c438
-
SHA256
b931b509870f18a63b7f5fbdc595e5181336715e638ab0e192ed529aa41b6c9c
-
SHA512
c8137242fbd535f99615eb61542190f57484aa05556613a4982fab0c389d3c6f1ff702156d6a4710fbaa528a16024a48f82fbfa7dedb7fe4e37245392de24d99
-
SSDEEP
1536:BdquqmReDXI9XPE/otP89Uwnh/9J/ntBVRcZUZ3:BdquHaotE9VHJ/FRcyZ3
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07a8d0d3b90d2223f7c0cf80d6447df7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\07a8d0d3b90d2223f7c0cf80d6447df7_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 3242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 400 -ip 4001⤵