84dcc8b3c6c00ba66d221aab878feb33d7224f68e9e42ab02bc037c2b0b88d59

Analysis

max time kernel
123s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2025, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe
Size

147KB
MD5

42aaf89cbdf57e185210ae3a8abbbc4c
SHA1

1cd1b152b004b68b49360155cab59443bd8c90cc
SHA256

84dcc8b3c6c00ba66d221aab878feb33d7224f68e9e42ab02bc037c2b0b88d59
SHA512

5b374c87e63c5cfb6d4bd505ee192967afa72acb30a47785e5c5daacec4b1f51275552153a1a8bcf6e00a6f73948079903e4e782a928be76e396190a892f7e4e
SSDEEP

3072:d67n+z6SR5HApeMu7JrYwzU697cJaGatN1m4xq4Um37:d66z6aAxMid61PGatCCq4UQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wi240622078nd.temp	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\MySomeInfo.ini	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	3084	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3084	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe
3084	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe
3084	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe
3084	JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_42aaf89cbdf57e185210ae3a8abbbc4c.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 624
  2⤵
  - Program crash
  PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3084 -ip 3084
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\MySomeInfo.ini

Filesize
364B

MD5
ecd83bdeb4270955baaedff489818a80

SHA1
3d52f12582f046f2da27d4ffcd74bd586a249103

SHA256
bdedf527b39c694de47e820f5c515b83a9ada9c4e1bd41ba818e4864dea9e5e0

SHA512
4a316ea7422c713fbf05914321a5f3d5adf739345e371b4b1fc0a5d23cad6cd3110bff55eb2e39b1161fc6a5cf2b6eb3d705dc5960ba83a0cdabe43c8e6e5ccf

Download Submit