Overview

overview

10

Static

static

3

e95f9586de...18.exe

windows7-x64

3

e95f9586de...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e95f9586de3268d42da29daf8d0705fe_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    e95f9586de3268d42da29daf8d0705fe

  • SHA1

    10b99516205e618c925728f866a56f87e0db915a

  • SHA256

    fa64b29ee5ed4b1940e3e0ef802082e8a3c9d3d496c81d63f6d645b8cac5d389

  • SHA512

    fc1f745884c3312e7fe31c845eae44556cf182642ee9a5e5fc01a59de706e300cc25d437656c6c18319fed142c91f56d236c9b90935c247fc9a409a011f0b736

  • SSDEEP

    3072:/MWsQNxJUJTp2E+qvFuIoF1PYUGQQEKGLY+q+XrNJd2/GP+oh1Ov8oKBjcUZftb0:2QOpkpNJIvD8j7p6

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e95f9586de3268d42da29daf8d0705fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e95f9586de3268d42da29daf8d0705fe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 320
      2⤵
      • Program crash
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1856-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1856-1-0x0000000000230000-0x000000000026F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1856-2-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download