Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
- submitted: 22-12-2024 18:49
Behavioral task
behavioral1
Sample
JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe
Resource
win10v2004-20241007-en
General
- Target: JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe
- Size: 188KB
- MD5: 4595992061b618e7bf31b3329288628a
- SHA1: c3c412f05eb8da678bab1dad6df204080acbcc26
- SHA256: 12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9
- SHA512: 6d8e6f88b3aa8c8b23c70d0e77179e8d6fa58f03de46fcd7a74338ef472cdf312cc5fcdf04f3d5bd0fe3c6a222c3436b1c936e74081b212fd4589ff7dd692878
- SSDEEP: 3072:eKg7eqyaLh0jwaYqJW4rWoTs8Xh90wCORzYU9MHv4PFluRfrM8oGnhP4WNdhw3p:eaYGaqBrUahyw5Rp9Ev4Pz6A8Bhbep
Malware Config
Signatures
- Program crash 1 IoCs
  pid | pid_target | Process | procid_target
  2380 | 3060 | WerFault.exe | 29
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 3060 wrote to memory of 2380 | 3060 | JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe | 30
  PID 3060 wrote to memory of 2380 | 3060 | JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe | 30
  PID 3060 wrote to memory of 2380 | 3060 | JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe | 30
  PID 3060 wrote to memory of 2380 | 3060 | JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_12696b6288fa038f64c0ddaadd015dc48a3ba067d247350369896dcd7c3c17c9.exe"1⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 362⤵
  - Program crash
  PID:2380