Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 04:52
General
-
Target
08fa2d46c9acece369f8f3f6c0f824c5_JaffaCakes118.exe
-
Size
40KB
-
MD5
08fa2d46c9acece369f8f3f6c0f824c5
-
SHA1
7e5661cd97318572d6395c9df1673fa8eea53ceb
-
SHA256
69aaa4c3ed3d69a5ca0a2ce108b1e3a27cfc67a4925ff857b19c100528d444e5
-
SHA512
bb83b29548591f8506089a4d174d1a148ead1635f451ad0449a142930de15ab6d8d4ed87ffe554ee5b0d3c3208ae66b2a85f073ed54b2560eaa574b4239f4f8a
-
SSDEEP
768:lHDs1/LGAH19EZrSe4Ss86nezf3DMjh9RZGx3arlcmnF:lHDs1/LGAH64pnSv89HGxqBc4
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08fa2d46c9acece369f8f3f6c0f824c5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08fa2d46c9acece369f8f3f6c0f824c5_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\@qrfwo.bat2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
145B
MD5a306a3601364287960d09207d3068e31
SHA1bd5cc268f4c9564aed5031f66ffa3dd6427c0cb9
SHA25662d17f1089ba7f86bdc37702bb90bd4ed25060a3f0d7c71987869df3c22ab5da
SHA5125db05a98125e0b545d852a937cc67de9760e84a78db938fad9932ef588b2b13377d6cccbbe7036ed17d313bf1ea62952e7628ad57243332f037201623a67ebe0