Analysis
-
max time kernel
94s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
13-10-2024 14:25
Behavioral task
behavioral1
Sample
405a4640818fce98dacd7dd370492898_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
10 signatures
150 seconds
General
-
Target
405a4640818fce98dacd7dd370492898_JaffaCakes118.exe
-
Size
53KB
-
MD5
405a4640818fce98dacd7dd370492898
-
SHA1
bfc56113b569c9b54793e88afa7855548cf16c70
-
SHA256
1eb26a3315efd7d29b1405bf6e815785c4692d7c2413be966e922b2d9a55a72a
-
SHA512
104795a2766a4e4a0e7be320a9e5700ea2b4f856bd0cc04b6747cd8f7bf6741b81360443f80ed6c581f10d9f884d2dd299113b56afc16d0d2a6d6ffb69b66d0a
-
SSDEEP
768:D//fJHQjzYhcUNJzoa3xYur783N8E7Oj4iEJS4ungeN+TKMW+2sP9wAwgNn+:jfJHQjsh9bMs7hE7Ok3i+JqsP2LgN+
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2320-0-0x0000000000400000-0x000000000040F000-memory.dmp upx behavioral2/memory/2320-1-0x0000000000400000-0x000000000040F000-memory.dmp upx -
Program crash 1 IoCs
pid pid_target Process procid_target 4584 2320 WerFault.exe 82 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 405a4640818fce98dacd7dd370492898_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2320 405a4640818fce98dacd7dd370492898_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\405a4640818fce98dacd7dd370492898_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\405a4640818fce98dacd7dd370492898_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2320 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 3082⤵
- Program crash
PID:4584
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2320 -ip 23201⤵PID:4960