Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    01-10-2024 03:15

General

  • Target

    042ba463eebf5403058e100707c92c03_JaffaCakes118.exe

  • Size

    525KB

  • MD5

    042ba463eebf5403058e100707c92c03

  • SHA1

    0f00d4a106020314a4eaaab41cfead4f3ad83f3d

  • SHA256

    aa3d28235dd95667ed2480c864887e6b909dc765e46fbf06fd494af4b840fc27

  • SHA512

    d19b9e8d40e53232f2d41d02b336746a590180f2ecdd2f75dc5a988a16e3f936406a540974da60b89f5b2d7c06e8fba3c334e8a74ff37d307b6bee9fb8eb706d

  • SSDEEP

    12288:rVTZ5PlGQX8tuU2R3xtRe5+nB7+AP6r+EFhxgRKe:pFdDX84U2TtR7nlHvtl

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\042ba463eebf5403058e100707c92c03_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\042ba463eebf5403058e100707c92c03_JaffaCakes118.exe"
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2552-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2552-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2552-2-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB