Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 28/03/2024, 13:22
Static task: static1
Behavioral task: behavioral1
- Sample: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Resource: win10v2004-20231215-en
General
- Target: 069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Size: 816KB
- MD5: 069dc0bef8fdc76df69a08cb60ef40a6
- SHA1: ee66f1c18440d8e2a254d81bbfb9c5bd4420f11e
- SHA256: 91f4e3c93f2a788cfa29a9cabbbb2bf646a563f6ac60f7478494464a7d158feb
- SHA512: 604a03dc0d2588b6c3cf2b6d3b79c7c8f34d2b21d32cb6d759289a4a2920aa373724e50a34dcb9f0ebeba5d422202804579f184a5fbd33af43788a85bbaea0b3
- SSDEEP: 24576:bY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9C:03XZynV4oDabuWbDQOcIxJJ9C
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2960  1D0D0F0F120A156B155A15C0F0E160A0D160A.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
  2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid   Process
  2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
  2960  1D0D0F0F120A156B155A15C0F0E160A0D160A.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                              procid_target
  PID 2784 wrote to memory of 2960   2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe  28
  PID 2784 wrote to memory of 2960   2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe  28
  PID 2784 wrote to memory of 2960   2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe  28
  PID 2784 wrote to memory of 2960   2784  069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\069dc0bef8fdc76df69a08cb60ef40a6_JaffaCakes118.exe"
  PID: 2784
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\1D0D0F0F120A156B155A15C0F0E160A0D160A.exe (child of PID 2784)
    Command line: C:\Users\Admin\AppData\Local\Temp\1D0D0F0F120A156B155A15C0F0E160A0D160A.exe
    PID: 2960
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 816KB
  MD5: d8a3919e2522a2322dee0cd5df0dfa17
  SHA1: 84fdca3b3a85249985678dc6472da991cd2af53c
  SHA256: 10fb28c2dff403f4b95dedcfe38f72ec7393e75e0fd723ac32df0c5e8d857cf8
  SHA512: 7e54adcefdc4ee386d3e30c58c426ab86cf60333167e9f4f0fdd4c0ed12cbef237fd6ad01a919d6ef3287be5cd4aabda05164ea284a67a064a2bf46ca2234190