Analysis
-
max time kernel
93s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
02-01-2025 13:47
General
-
Target
JaffaCakes118_6588a7a9e3a093ad3aca1ef4e6a98f57.exe
-
Size
120KB
-
MD5
6588a7a9e3a093ad3aca1ef4e6a98f57
-
SHA1
cc92af2646e35b171ce9afc935bf17a3d97884e9
-
SHA256
05a056d68c535ba189cd722056f770a41300c599aec210020454d0b3c6d182d0
-
SHA512
c23358f2cb261b7ea2b0c7dbf086297aa3777d5ea7ed2b11b2bad815ae4a34548d710a2ece01b894a5e54178bbf81dab73bcb788d3dead1bf9cf43d01cc9548e
-
SSDEEP
768:k4Se+TO+LxSnUpzbVzjJeXPqKRZafehKNseSCl/m:kjVTZxSEVXMqsZa2wMsm
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6588a7a9e3a093ad3aca1ef4e6a98f57.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6588a7a9e3a093ad3aca1ef4e6a98f57.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 4722⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4316 -ip 43161⤵