Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/01/2025, 01:51 UTC

General

  • Target

    JaffaCakes118_45a3e9c11a7fd9583c8e789f3f02e965.exe

  • Size

    204KB

  • MD5

    45a3e9c11a7fd9583c8e789f3f02e965

  • SHA1

    9e2eaec889819a2c2d05b5f6b8b00c7a70c8b07f

  • SHA256

    f33634cca497ee7c3ced4f838e2f082f005276e83a9c04276aa881765d39bfd0

  • SHA512

    83b02808aae9b979b231a91cb454aadefd6020f999fd32b2b6da10ba20d1098f37ac692e3bd53ef2b0b4209c895e3a2ca9b551c3ac9bc7ad09a6c92ded62c634

  • SSDEEP

    3072:JgorgETGstqNo3IRcbCrNQyCsGZd0Q+6s1ADeZ6a/NsPivc8YTtjklHf8wk:6oEKGrFrNQjZd0Q01A06P8TYTtjklH03

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45a3e9c11a7fd9583c8e789f3f02e965.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_45a3e9c11a7fd9583c8e789f3f02e965.exe"
    • Server Software Component: Terminal Services DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2324
  • C:\Windows\SysWOW64\SVCHOST.EXE
    C:\Windows\SysWOW64\SVCHOST.EXE -K IMGSVC
    PID:2820

Network

MITRE ATT&CK Enterprise v15
