Overview

overview

10

Static

static

3

ed14d36ef7...18.exe

windows7-x64

10

ed14d36ef7...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-12-2024 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed14d36ef751292185845576e9310e1b_JaffaCakes118.exe

  • Size

    191KB

  • MD5

    ed14d36ef751292185845576e9310e1b

  • SHA1

    af05b4d1399e6b101ac91d0a1024c7838b15d09c

  • SHA256

    e9732b3134c86949f6bb3b983a490bdd77a8edfe1b6f3122a3560341948a644f

  • SHA512

    128a4fcff995814705ccacf3ba527b4718eefb48e0a259af97609ccd0729499d3f51bdeeb184e8d2d2e02da33ecca9ed4410a916a64e4424a5124bebd7e387a1

  • SSDEEP

    3072:u8Jms5o+YrlOhGOyy8KaBiQbBvEBGhxXEvIxntMut9jwJRF8ejb+O8Ak9NJ:u8JmCF3h7yhKuH1vEQFEvINSuDjkgqKl

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed14d36ef751292185845576e9310e1b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed14d36ef751292185845576e9310e1b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:1956
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 356
      2⤵
      • Program crash
      PID:208
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1956 -ip 1956
    1⤵
      PID:1720

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads