Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18-12-2024 09:46
General
-
Target
fb0865f8740aae0d1421c601fda4c5fd_JaffaCakes118.exe
-
Size
140KB
-
MD5
fb0865f8740aae0d1421c601fda4c5fd
-
SHA1
825f59e9b7c763be93053ed8000a76235e72952a
-
SHA256
f5dc4bff3077f9ea363e0c4d080227b24f3ea014444c462e146b2d48fb83e451
-
SHA512
f0f2c0f0b03174cfaa71bd97ce9842de019926d06655a83e920489cb23479d1d64979ca801fecdad0b94c1f561c7637654556c21a4dd8f036a29f30c99387e06
-
SSDEEP
3072:Prr85Cj50x3ViiOAJ1aWyUEJEcuUhzeS8KwpIqE7jOwgWf3G:v9juNLGWVEeHUhzlwV
Score
10/10
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb0865f8740aae0d1421c601fda4c5fd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fb0865f8740aae0d1421c601fda4c5fd_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 4282⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3580 -ip 35801⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
108KB