Overview

overview

4

Static

static

3

523545a93d...18.exe

windows7-x64

3

523545a93d...18.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    17-10-2024 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    523545a93d4b8098348bb7758eb08527_JaffaCakes118.exe

  • Size

    56KB

  • MD5

    523545a93d4b8098348bb7758eb08527

  • SHA1

    90606a913499b68842998e633a62cee4f5e4970d

  • SHA256

    409bf183d7cd9477f1ea6ff179cb4883175caa5a3d45bf5b71075c0cea5769d6

  • SHA512

    73ccb2fe6c5fe6efbc8705b6a1786f6144422e9bf1b1ae3ab7917468b8fdb0bb1f73b45be0712202037f1b7d6f4e78f7867c301261cc87766406fb5248a55f20

  • SSDEEP

    1536:Zvvvvvvb7HLW2PimFNnyTO8UMYckaW0Fc9k3IJc69:hHygHFRh8UMYcl+9k3In9

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\523545a93d4b8098348bb7758eb08527_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\523545a93d4b8098348bb7758eb08527_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 36
      2⤵
      • Program crash
      PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads