Analysis

  • max time kernel
    96s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-10-2024 21:58

General

  • Target

    36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    36ffb1e577efadbeabd83fb2eec81fbc

  • SHA1

    5c2c385563b8e0b6d3cd3672944cb19fb90b5ae1

  • SHA256

    2737754e2a0dacf8fe18d1e1d76c40240e76fb71b05a535fe8eb5cad2e64b171

  • SHA512

    a2973cd1879ea69f27a1f77d8026df7e14a55c9651a26fed094d919ea80a3db2d86a04276e3e45afdff44fa7ac423bc0bf05e957b27b4de242e39ec0b5dff991

  • SSDEEP

    768:hmOCH4aeB5AL0g6MQg2FiCzHinn+WpzaK4ZPy8zhidfLNnZD:h8H4n500Rq8PsztSTMVLNZD

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\36ffb1e577efadbeabd83fb2eec81fbc_JaffaCakes118.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2612

Network

MITRE ATT&CK Enterprise v15
