Analysis
-
max time kernel
120s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
29/03/2025, 19:01
General
-
Target
JaffaCakes118_937df6c58974b32ca24300ad7bd32564.exe
-
Size
125KB
-
MD5
937df6c58974b32ca24300ad7bd32564
-
SHA1
f0c8661f2bfc92953070d7222124ba9b614e452d
-
SHA256
c5aaa7c804a91a55efd9ca044e5cd7630b8aec473ffe7c87b951d2da7f9bfd96
-
SHA512
94cf2776243ec34b3d975881b4b70dcc30c393a85b9bd41e1d157c695c68eef29e672f48b5ed139c23a8467319a97a37092791fd72689f398084ee5561d1797d
-
SSDEEP
3072:OOH4Sme7mpSDGijsLGT3moDeFfIge+WB:OG4Sme7mgGcpTRR+W
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_937df6c58974b32ca24300ad7bd32564.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_937df6c58974b32ca24300ad7bd32564.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 5242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 5322⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4220 -ip 42201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4220 -ip 42201⤵