Analysis
-
max time kernel
121s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
26/02/2025, 02:26
General
-
Target
JaffaCakes118_237fcf4433db34d76442507f23a297dd.exe
-
Size
92KB
-
MD5
237fcf4433db34d76442507f23a297dd
-
SHA1
80093b35184c4b1e39ebfbe536ea149b6c53bd27
-
SHA256
1ca0b014bf39a6292906fe7e3d1a4ffb4176f4f45fcfdc9612b3fe5799079d93
-
SHA512
cf3675f8f3ef72211ea2acc267824737a0556944b68e3492c8053d9049adadabdc148bda33f374423919b53ff095ebd5a9d69c10e7d8bba77536764ae3f0a59a
-
SSDEEP
1536:nej0T00irLVRQSKtGeGE67zLnUbzCSNH+3eD6nrU0CZaEaxxNytby8LJ1kRmniVC:ehhnKA4H+DU0B3rEtBLJOXCcZA29rpol
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_237fcf4433db34d76442507f23a297dd.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_237fcf4433db34d76442507f23a297dd.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 4722⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4932 -ip 49321⤵