Overview

overview

10

Static

static

10

JaffaCakes...80.exe

windows7-x64

3

JaffaCakes...80.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    91s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2025 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_7c5b833e21d744eb7cc4c9facdab4580.exe

  • Size

    66KB

  • MD5

    7c5b833e21d744eb7cc4c9facdab4580

  • SHA1

    aefab293760fc62603777494796e59eefe34314e

  • SHA256

    c01014acd722af800305cc31e3c742f0ac9396abd5e550f3af883d5dc4746e0f

  • SHA512

    c213cbe789b179091fe29d84b39463d6b46d7069e960564139ec188a7861b439abc9693faab6f33ffcd5a705acdd512eb84bff4b49b7878f692746a5ec9a5a6f

  • SSDEEP

    768:Vo/aYfkP7Xs2pClzBVNfSnAjD7xtsmFZc2t7UznZ2SnrPEYyxiM:yaGkPrhpqKnAjD7xtsmFZc6wz8KQAM

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c5b833e21d744eb7cc4c9facdab4580.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c5b833e21d744eb7cc4c9facdab4580.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 796
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/516-0-0x0000000075292000-0x0000000075293000-memory.dmp

    Filesize

    4KB

    Download

  • memory/516-1-0x0000000075290000-0x0000000075841000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/516-2-0x0000000075290000-0x0000000075841000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/516-9-0x0000000075290000-0x0000000075841000-memory.dmp

    Filesize

    5.7MB

    Download