a7240506d36f3c31d85bee3a103ca72f6969d9d6378329cab7c1d0d2a02c15c0

Analysis

max time kernel
97s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4d874785d49e2d1272c658779d99743f.exe
Size

152KB
MD5

4d874785d49e2d1272c658779d99743f
SHA1

4f7d5a6c6f56141899ca9aab33242345ad071b41
SHA256

a7240506d36f3c31d85bee3a103ca72f6969d9d6378329cab7c1d0d2a02c15c0
SHA512

055c17aab705091a266d13c5bf7eb766db19b834d544f84ccfcfe844fdf2e9972795aad7a8bf6d6d65ccd24c4c46ab5ffee16a679a854c38a677cabe4a12fda7
SSDEEP

1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2944	2556	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4d874785d49e2d1272c658779d99743f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2556	JaffaCakes118_4d874785d49e2d1272c658779d99743f.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4d874785d49e2d1272c658779d99743f.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4d874785d49e2d1272c658779d99743f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 464
  2⤵
  - Program crash
  PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2556 -ip 2556
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-2-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2556-3-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download