Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    05-10-2024 08:56

General

  • Target

    170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe

  • Size

    821KB

  • MD5

    170591c0c9563ac6ef3a17bb5ecce674

  • SHA1

    69b51e4d839bd7f984682912838b6d33adeba793

  • SHA256

    c3aa9aef0b39032f37c299996337932a439e2739255b17a1e74e11a9c03c2915

  • SHA512

    30f3fad357b4b3b0f19f8213944922666ed59c0458d18047cc128d95859f9e2e8ac782741c89c72a78028ed36f220c27d55904fc1844f3367050ab6f2ebfcd6f

  • SSDEEP

    24576:fyRM4M25Q59mdJfzb5pUKY5eBOmqwDk9Pejiwoa6baq0ADQcD:fyRML2eafbKeBOmqlTwSbvDQcD

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 180
      2⤵
      • Program crash
      PID:2652

Network

MITRE ATT&CK Enterprise v15
