67f7328ec683d0b316f4af2dd34c8411dbf7c1dfbb1dff7cb0b8f7812c36913d

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe
Size

19KB
MD5

0c682ff3e5b06ea55546a7ee8eac6c9c
SHA1

8e1cc848e294b319f47a2f38ed4aad154fea7b05
SHA256

67f7328ec683d0b316f4af2dd34c8411dbf7c1dfbb1dff7cb0b8f7812c36913d
SHA512

1050592e1802d866a4eedeefc2dddb4e0c2a5140e208b7faf38bc2bbee7f380aa4f03beff4ce6e944cfe26a67cfd786a113a7d8e7dfe9640b2d08cfa58aae750
SSDEEP

384:P0qYE38hIxuA+Qjsh8KRJqfhVpn4t3Bh:cKGIxR+lfzqpVp4t33

Score

3^/10

discovery

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2820	740	WerFault.exe	81
3668	740	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
740	0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe
740	0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	740	0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0c682ff3e5b06ea55546a7ee8eac6c9c_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 116852
  2⤵
  - Program crash
  PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 116752
  2⤵
  - Program crash
  PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 740 -ip 740
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 740 -ip 740
1⤵
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#A5D7.tmp

Filesize
10KB

MD5
218d62e326620b5f18b783f58af4e75e

SHA1
0fa9078f6f7615e3cba5f42a401b80397e069471

SHA256
d641bb0195202a9f955c2e9cbcfaa19f5692cf788d7409b47136daf923dc910a

SHA512
fca6be51adc017452d9f8ffbb261ad9328dff0e36d15f5adb050b177795d7b184476afd4c2590f86954e22616c757ea8798ac1185c0c9618f81e104327781aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#C5AA.tmp

Filesize
15KB

MD5
aed94f4a414fc81ef5ab5ed220cc4b35

SHA1
aac5195e746a8a2107b2ea0cd0a024501212a293

SHA256
c282ce6429127c9f7dffd0c0cbcd45f3a891b79845941fb0fb25d759453d57c3

SHA512
266161dd58d663618f0048e6406fde3ccf57ba52c7ebb0c9dc0910d3463ebec1d0c8748e0f9c7a7e38987221c2290a861d1af847456253b013050ee66b9bea46

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CC15.tmp

Filesize
11KB

MD5
432ec51300eb44285e1ee4927b761b87

SHA1
b49a2951e830cda328dbcd08b373edbf23cfbbde

SHA256
2e07c528d3db0d8bfb9e7d87592ac98796eb3e3951a2dd298073787e2b469436

SHA512
9ae42f3412ed1699ed350e4665ce0d199909b3a41fb3237d9fdf6244d9575c6eb5ef415d658760eb56f4b24134f84c325296f2681f7ee61367155423c00d7015

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CC64.tmp

Filesize
9KB

MD5
6a5dcb125e0e899dce8655ac7da84c8d

SHA1
ad2146b64ebdb4e081ccead4efb9801a2a745c05

SHA256
a05c9798064d96af0e2b025bdf761b6e6ca8bb9f924367058389b7d076b52347

SHA512
48e70e0f39fc9a10bf1299efcea8665ab7525d55c8294f542dd35d8f3d9a6f4785efe12dacf717599a43ba4e9128a567a876d7a6f5d364828a43c2d4477efccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CF39.tmp

Filesize
13KB

MD5
08f7c7cd56c2a532fd0f452a28949b5b

SHA1
50d515f170d70eb4becf34aae02c95a08655d8d2

SHA256
5bed16183a13dfd25821d7be8ea9917d45b7e03f04d822e042f016ac3d32580c

SHA512
26a720c2bbd5d87d884ba2522dbdefc04d97cdfba893e65f10c0b686de472ec9a01d61fdf9e48a8d98b970e36543d6928953330224b0a1e1703ef4ba438dacbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D536.tmp

Filesize
4KB

MD5
f153d58b40f9786b2e75775c66a7545f

SHA1
dadb697e34ecfd6c37bd6f5ed3d4d3dddd95dbb9

SHA256
2e676950fb8e7b569e05b545771c63c5dc8e301940d65bd5033b8e26b1ec4c04

SHA512
553bc29a768d92e24a855c9604b36f4b7e19c436ee7b60e971f9bb89c59c3e20c2f6e7287b8adced335b5c6799a371969d56a16c39cfa9f6bb2ede70e7949972

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D682.tmp

Filesize
4KB

MD5
e7a4da0918edca78b59bf1e720c4f108

SHA1
2e9f659eb0aef299702fd598f9632a13f9906c52

SHA256
d91b7ced34e747f6478a541178f5ae1c022fd325fe624bb940b6060308ed145e

SHA512
fcee3cc9f60db1fef40bd9773ba36a51ed88ba6b8b68dd1608385be67cac2d44f5b6b84b9ae81bbae0e47db68d6c71a8369268e1dd71fd5de8871ce17c5a33e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D86C.tmp

Filesize
7KB

MD5
22d9de642952b56705f7995ffd6092d5

SHA1
fee656f543370e0ca381af6339c341934dba9f8d

SHA256
e4b4ebef0d411c060f583a26ab625e38f2feb79e6359d0c2e97e4cd96d9eb332

SHA512
07d6998026ff54bd1dbe26afc9c7346c1dffa441d92d7b2c94cbe13cdb2a783c2c799efe07a8a1a33667b0bc1c7d4dc6014ed6aee605d88866d1d0825bdf93a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D969.tmp

Filesize
8KB

MD5
b75e90c9814271f36c88cc445dd68a40

SHA1
747fd19c4eefa99b65037e68da9815664c808884

SHA256
f343ed13212ced3b40b605d670eec392f174a62c167246fff07eb5722a8e5414

SHA512
d35e51a62ab3f373b5159e9b4b316d5329ba4a50f4881a22873f2cc74a80764967edfa40f7d47a5c4f78848495dc098a4177b82d059103ab18a1df9c0d6bd7b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#DF37.tmp

Filesize
149KB

MD5
d9c8bb0f5d53bd63d752a23854c6bf1e

SHA1
20a469b0ab728b77412f3533e14e74257a280849

SHA256
9a843ba3b457821304ad43e079cc6cae8ac62f730266a2d2ede38dae4267fc9d

SHA512
58ce9a413a2e1943be790b6cecec9f4eb2f82c830a5244d45318e1b4fc9380f334b6fe186a912eb4980a19be071b7526989280b08d9fa3cbbe51b81f793fc9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E0C2.tmp

Filesize
4KB

MD5
be93879e644a1644e72291e61084852b

SHA1
f7349964eba5b2a5e64f265724e673c97f230cc8

SHA256
ece3daa94921834cde2e1a5f9bf4ed17f3cd5b6da43c2c79ba60230d32ea1fbe

SHA512
5dd81642b7ecda56e8c5604b4b048fdfa8b068c9d92f0e6dd6f409cc074a1f0a05e7af0dd785069d3bad44fe1a830bee762843f8a55323bec98b1240d352ddec

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E1B0.tmp

Filesize
10KB

MD5
4014b1952c988f6075e37595c552cbbb

SHA1
cb016c6138d16e03d80d3d446dd1286e1decb496

SHA256
9bc65228aebfa471288c2d10bb7e6eac4ae202985adeeccc37f714ba3cede5f3

SHA512
a89b9437529a11547680006b4fb931bf536db1086637443c953ff2511ce9df1fb2fd8fbad846264c5ebd94af699692822033598028acd3bd1c44325c9cd5a7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E29D.tmp

Filesize
6KB

MD5
703c047b95b21a6f1edbbd0762f7410b

SHA1
d386fa4e62afa8997553bed13ee6a438d6dc0126

SHA256
63f5f26f899256a9350336c3a2791f07ef1eb97b0f41bc877bda2186ce1306b0

SHA512
f516454fe176f7394e9730f142da1f3cdde7732dc34873f1d30ab428f8e6be46f9250f7a15b3c94ca07c7afafb3f46783e54d6dfad2dd30bafb1d36ed0a1902e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E77E.tmp

Filesize
22KB

MD5
28ad755ef7fb1e9507e4a6a55cbf10a7

SHA1
36a5cede32814f59713576bec729e5a99b3aba5e

SHA256
227e033a4f0d0e5172fa8ee30c33a3fa6e67a2a11a59e9274e7192bb96f2b032

SHA512
90fa3f80a8fd085f7f27aec181ed2439d815b64a0eb5b2f8ef36b51b2a570adc6e3a83dfe7a99629a47c137047d2a0c32a233b5e3941587e54761aaf2c4a1129

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E86B.tmp

Filesize
4KB

MD5
80fcd8324e7049e4d73d4487479cd465

SHA1
5116047a0d768fa33df08f694c81a628c25ffdf5

SHA256
fb0ac747828f3b53ada36da693b1d51ba2340dc1b57f819f9d7c62a5a0bc00f5

SHA512
fd542af584e4b7f6bafc2176198d40fda87b107b1bcfe215a9762198c69563606ca9a3193ff4a2e94a99835f56c7c3f75b69f47782b54346c2180028e3aa157f

Download Submit
memory/740-55-0x00000000009C0000-0x00000000009C2000-memory.dmp

Filesize
8KB

Download
memory/740-0-0x00000000009C0000-0x00000000009C2000-memory.dmp

Filesize
8KB

Download