Analysis

  • max time kernel
    136s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15/10/2024, 21:54

General

  • Target

    4a2fcf744d44ebf09184ea9a2690dc78_JaffaCakes118.exe

  • Size

    185KB

  • MD5

    4a2fcf744d44ebf09184ea9a2690dc78

  • SHA1

    06be0dc07b60c5f40697a674a2d581389db75950

  • SHA256

    13f54c056fce03f8e1a6fb069c057a9a65c05ca8f20e48301aef4912b0ac3316

  • SHA512

    61c010311e75d14d30106268883974e9a80f64d02df556a8ecc6bbcb791f37c76dc16d3e54e77431d40e690b8ac9a957f8546fbeeabb0ad37b23e3cb4577a5a3

  • SSDEEP

    3072:ogpQw7bUxPhQ3ajJa8N9QepzpjkBm1QYvjR8wCPgX8cFT4:osPohHJFNPzpjAmjiwigX8cN4

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a2fcf744d44ebf09184ea9a2690dc78_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4a2fcf744d44ebf09184ea9a2690dc78_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 500
      2⤵
      • Program crash
      PID:4424
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 672 -ip 672
    1⤵
      PID:4508

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • memory/672-0-0x00000000006D0000-0x00000000006E9000-memory.dmp

            Filesize

            100KB

          • memory/672-1-0x00000000006D0000-0x00000000006E9000-memory.dmp

            Filesize

            100KB