Analysis

  • max time kernel
    94s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-10-2024 14:25

General

  • Target

    405a4640818fce98dacd7dd370492898_JaffaCakes118.exe

  • Size

    53KB

  • MD5

    405a4640818fce98dacd7dd370492898

  • SHA1

    bfc56113b569c9b54793e88afa7855548cf16c70

  • SHA256

    1eb26a3315efd7d29b1405bf6e815785c4692d7c2413be966e922b2d9a55a72a

  • SHA512

    104795a2766a4e4a0e7be320a9e5700ea2b4f856bd0cc04b6747cd8f7bf6741b81360443f80ed6c581f10d9f884d2dd299113b56afc16d0d2a6d6ffb69b66d0a

  • SSDEEP

    768:D//fJHQjzYhcUNJzoa3xYur783N8E7Oj4iEJS4ungeN+TKMW+2sP9wAwgNn+:jfJHQjsh9bMs7hE7Ok3i+JqsP2LgN+

Score
5/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\405a4640818fce98dacd7dd370492898_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\405a4640818fce98dacd7dd370492898_JaffaCakes118.exe"
    (process depth 1)
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2320
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 308
      (process depth 2)
      • Program crash
      PID:4584
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2320 -ip 2320
    (process depth 1)
    PID:4960

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/2320-0-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

    • memory/2320-1-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB