eac2417aa792d3080f2b00378731765ed8ab7f77beac0f052af99b653c0575b0

Analysis

max time kernel
138s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 13:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe
Size

16KB
MD5

5231e860246a78dde533c6abeb8ebb04
SHA1

d8fb42882ecf3780c22bef74ab53729a2b33c31f
SHA256

eac2417aa792d3080f2b00378731765ed8ab7f77beac0f052af99b653c0575b0
SHA512

bf753361c6bdabd658a0911b51158f17ebb551db37ca48c843332504284122e0ade8850ee70e5be33c65266830860cc5cff1a2d0b28695401548b78b9681684c
SSDEEP

192:CvTl1Bva5ySFagL/nKBPhISG62pW/rJRgRBtD/rVND3koxYceh4ZDow:ShOySFagjSK962pGNRgrtD/9ecn

Score

3^/10

discovery

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1084	4984	WerFault.exe	83
1200	4984	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4984	5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe
4984	5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4984	5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5231e860246a78dde533c6abeb8ebb04_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 57336
  2⤵
  - Program crash
  PID:1084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 57040
  2⤵
  - Program crash
  PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4984 -ip 4984
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4984 -ip 4984
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#10D3.tmp

Filesize
10KB

MD5
51c86a5c504c3c14795b90cdf24e5feb

SHA1
5aefee8f23753b9841b094c72907226ee899665b

SHA256
a0f078d0485f6b83a81257040259572e71d7e57d9ccd0f03e675221f83a89fde

SHA512
359b16336917c52ea71a28b971ceea3dfc7a327ca79dedc3eea46492a40892e2d166ecca9d15761c29691b17a21d8dc91279098a9ab7e5c0faf7781046c421a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#132A.tmp

Filesize
12KB

MD5
3a953fc576a9c9ef7a891d31a5e7452a

SHA1
6ae2ab43b28612c2712be7a4ba50074efd358c60

SHA256
489be193ffc84903d3727e964d88aaf07af6b1255920bcb829f09fec62a1403b

SHA512
2dcaec93f1a9a49b60047c36595e69d4346955ef1e79d74806fa0bcc36cf975f823c9371f7aa6691091d52c47f92726af3f6f0bf9be041a76c5f023e1c7fb307

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#18D3.tmp

Filesize
10KB

MD5
16ced61d88633958d007ba50236fd49f

SHA1
c12a9cde34385a22a005ade656efded181f41961

SHA256
aae04fe017474cb717a0e197482578c93f6ebd00f4a291f1d88e92b6fe43d591

SHA512
23e61ef30713bf49cdcbe007c98c31bc4651e110ee2938d8c985c7d3cc7e0da4ad0da84894aa2ab61bc00ed1d6f37228108adab22b01b780f2d30abf4003c50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1A4D.tmp

Filesize
12KB

MD5
be19298d92463b3ac1147c309e8948d9

SHA1
601cc90849fa5eedbddacaec061a4e2f4bf0c5f2

SHA256
833c0bafef364e2fffc3bdfcc8e7af0390686ba1bc4353bd3a02b9603398d8a1

SHA512
c945041d6d74c3211e428c01111d969fdae5d35d3b4f7a0d3f3a98505f3b3cfb8ef3697a11b6989b60519b1b340709480c9c149642a19ec58dc65af8dc78dd19

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1ACB.tmp

Filesize
12KB

MD5
ab55b2a56eb3af590a76d0e6cda6fe58

SHA1
e03d2da2be191072611842af4f404f443ef2ff88

SHA256
14542dd2cb8bbc8d7289f66c83d7fa80b35828e11079b5504b4fd3b4b6ccb481

SHA512
071bf1dc7ff223ca0a01704cb311f4baa505ac98e484135adef2c4c5028aefa11520b51940a8d0b073e36a59bed5eb8f6c5f26eec2981245234514f5afed7cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1E9C.tmp

Filesize
9KB

MD5
4da64a276b11b81fd1d7c362ef3b6ca3

SHA1
4344442360dac845a8eb36f234fe1a4a6593a278

SHA256
20d02dc0efcece138b7ddcd4f3f01923ca108fde4519c0eb5bc9a19ec11aff44

SHA512
04d6c180b73862cca735931354b250ad5edf1fca36e1cb71a915dcfd77ae27151c098b3b5890e1391dde573c680639217c8d906aee1a71e69b64e2f7c404f4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1F89.tmp

Filesize
9KB

MD5
2996aac3e0bce3d6667335edbeb2dae4

SHA1
04a996844f99eb568450c36c819696e5e505d0ec

SHA256
164a0c7b19d7e275fa3a1e092a697ed4643f099bba85f37f9efc28fbfb557b7a

SHA512
b8dfea72836d3ea1e2b65d780ad780e944e29835a0dce4ad299091d2132565e938b4003e4f0ce7bda29c6a44fa0ddee97ada8cbcfa6b72e46fddbddb2af6d6a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#2181.tmp

Filesize
5KB

MD5
15772c906d6046ae103967e108799144

SHA1
3d46b2146f533b5e4fd9a25feb65fd60944cab33

SHA256
ba497024b940ad26d52e3305b88f50e8d30b91a7be537364b5d1a91357f57520

SHA512
20f8930009eac1cd6e97674124f5a81d30b66eeb136b8b9ba579115bb39ee7bdc059d68faf0305ce54fb0b7915d9be9473ee9edb97b0e710c49757b13bc7b8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#24D3.tmp

Filesize
5KB

MD5
e78129559825e39740124e8b965d51e1

SHA1
1f569ae6e74f93f8cadc0c6c32b7d83d5f347842

SHA256
7bfcb2a51a4f8406624592ae6ceee249a89a4ff04b39c2c97536ffd5320583dc

SHA512
955cd9442315b07120e7e7d60b36a585ecfeb2be5c8f7f5625fd46a8067b75086c8ca2be56cddde01584e4a659e752e08978d1a8962c2694f3192ed621c1094c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#25C0.tmp

Filesize
8KB

MD5
b75e90c9814271f36c88cc445dd68a40

SHA1
747fd19c4eefa99b65037e68da9815664c808884

SHA256
f343ed13212ced3b40b605d670eec392f174a62c167246fff07eb5722a8e5414

SHA512
d35e51a62ab3f373b5159e9b4b316d5329ba4a50f4881a22873f2cc74a80764967edfa40f7d47a5c4f78848495dc098a4177b82d059103ab18a1df9c0d6bd7b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#2C75.tmp

Filesize
9KB

MD5
6a5dcb125e0e899dce8655ac7da84c8d

SHA1
ad2146b64ebdb4e081ccead4efb9801a2a745c05

SHA256
a05c9798064d96af0e2b025bdf761b6e6ca8bb9f924367058389b7d076b52347

SHA512
48e70e0f39fc9a10bf1299efcea8665ab7525d55c8294f542dd35d8f3d9a6f4785efe12dacf717599a43ba4e9128a567a876d7a6f5d364828a43c2d4477efccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#2D71.tmp

Filesize
8KB

MD5
46bcdadaea844d8e873e317cf688959d

SHA1
70513b4249ac0cf6af6792b370c9bf39c591135c

SHA256
321be1c92f0e9bf4598072afd046614034909260c54aa990ac0db59844aaa523

SHA512
fa98a91222bc5c57cd254e5306ab01f11fc0407359c75f2a90c9f503a8e9d3a373d6b1d42193d0e9a9cda6fbe500730f5c6401ba26e47ce59daafe4377c41579

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#32B8.tmp

Filesize
13KB

MD5
9327eed19825c225915a5b4f5a8cc3dc

SHA1
326437d7c4f8af88781b1567f1887b283e497e39

SHA256
bb9da07af7fb562be9fb85b0052b0dc37f9bd431c7fd6e643d937221dd4822c3

SHA512
98fba3992c12599a591f0f26830b46e5a8b90cae1430cf6bea23ce560c053789edb99b85b57e3bcabec9c980e01af3cce87b9f5f1c9c8f752b1a097874081251

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#B8.tmp

Filesize
15KB

MD5
f97e4d2833f8b60a01c11a48c92042bf

SHA1
7560109682e8a29c310057faf19115238ed1fce1

SHA256
2c98671c8b45cc5304301786a3837bab14489a7aee6f24ff9c1e8dc101e438f4

SHA512
e4cfee1ce1b84deb09da94d657db07ce03fc8591ce8157dedfe6417823ee6b43b133f2f8a4aed95ba84af46ce6f7cc523b8038188deb2f7b522233cd036fcd7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#EA47.tmp

Filesize
10KB

MD5
8765185aaccfc4131383d4c0ca699135

SHA1
759e588c3eb320043680d41e929076913c8433de

SHA256
84272823bfe74f7111af059f8fcaa74fdf60abfe5ef1caff5e686c54276c39c9

SHA512
439ab15b140f90693b89eddc64f6ffe5e6ccd63d1a9313f4ac9d45bfce67b6d2524d05c838dcd28367310c9d777d0fd116ba20c82db14a190b4dd14060581655

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#EC3F.tmp

Filesize
20KB

MD5
724bc5f333a5f583c972972d6f9722d4

SHA1
99940c70197aa902e585294744d4ae8556e3e201

SHA256
14cff447414941f6b735e224c2eccab61dbc1907cb6a7b955064c052c6ec8eee

SHA512
38a13b9db304ce2ba14696ead0dbdbab7aaef02f3205c7cf876a9a100bbc6b748985dfb6a401dfc5462af73c11fe11aa45dddbf61a12aa088079cd8a513c15a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F17A.tmp

Filesize
11KB

MD5
9af61b81ba4a8e60cdc819d755e710a2

SHA1
fd0b21e838e5ee061609c54dbf904ebf7a520d50

SHA256
a27791f0305a620e92dbf7d65bafb05c8b907cf90c9c0903768929a8e2358b77

SHA512
4107202cf882c13cd0cb4ca8a0f0e4f46bf3e64cfa066f092fb7b6faa544f63b75d4e5cdef963d0c183cc46e300cec10ffa390d98b5a97715704f8c4c001c280

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F635.tmp

Filesize
10KB

MD5
585d591653571b371cb949083ba299dd

SHA1
cd975270fe87e20042104f38d7d8a71f62e40c74

SHA256
474c578acb65197ed896c26d887ac278b298101003954505f6035343ecc4860a

SHA512
001a497e179b6ef5f2f94cfc47d7247b215d03f564c9cccea7deab672edbc05f3a45163f6bc7405891fd63b0e7b8eb2b7f1203efea2eeb83bb23790e94dd24b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F6B3.tmp

Filesize
5KB

MD5
2b5cf40c0ccffdc7506bbc8137d20ea1

SHA1
7acc8d5790dce3584bfc5b5a43b76aee80d11f0d

SHA256
5ecaca0cdfb2a95742b73eb4a915cc1b15296b7e2377d346a4ab307055f31b0f

SHA512
8860472d89083a68708c05d28bd69f818b2bf5d3445bd5bd41c5d3dacbbd5ed3489908f9e33ae7d1e20962bc41747d1dafb1fc4836fe7e9b67e4c715793d979c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F919.tmp

Filesize
10KB

MD5
971ada35dce48ad5f98ec58bc9e1c2c3

SHA1
ddbfd100e5dc2eba8cec86b8f01c12e50888d514

SHA256
7b9a9321e04d30ceccf851ef9776dda1ff8e71b2141303d62b6af03e67f09e9d

SHA512
41f31627560950dadc61406aed0898951013ef5d982920d420221afb5953493a4ae85f8498f3b6c94ba5895f176c88d0d578560cf35c0080db91257ac196ecb0

Download Submit
memory/4984-0-0x00000000005B0000-0x00000000005B2000-memory.dmp

Filesize
8KB

Download
memory/4984-48-0x00000000005B0000-0x00000000005B2000-memory.dmp

Filesize
8KB

Download