Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
05-10-2024 08:56
Static task
static1
Behavioral task
behavioral1
Sample
170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe
-
Size
821KB
-
MD5
170591c0c9563ac6ef3a17bb5ecce674
-
SHA1
69b51e4d839bd7f984682912838b6d33adeba793
-
SHA256
c3aa9aef0b39032f37c299996337932a439e2739255b17a1e74e11a9c03c2915
-
SHA512
30f3fad357b4b3b0f19f8213944922666ed59c0458d18047cc128d95859f9e2e8ac782741c89c72a78028ed36f220c27d55904fc1844f3367050ab6f2ebfcd6f
-
SSDEEP
24576:fyRM4M25Q59mdJfzb5pUKY5eBOmqwDk9Pejiwoa6baq0ADQcD:fyRML2eafbKeBOmqlTwSbvDQcD
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2652 3068 WerFault.exe 30 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3068 wrote to memory of 2652 3068 170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe 31 PID 3068 wrote to memory of 2652 3068 170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe 31 PID 3068 wrote to memory of 2652 3068 170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe 31 PID 3068 wrote to memory of 2652 3068 170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\170591c0c9563ac6ef3a17bb5ecce674_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 1802⤵
- Program crash
PID:2652
-