Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
09-04-2024 08:48
Static task
static1
Behavioral task
behavioral1
Sample
e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe
-
Size
154KB
-
MD5
e99b7b84fbddc2d9d5d4076a2c51c1fa
-
SHA1
6e6e2eb95343776d9f6c132c55dc897fb1f312d3
-
SHA256
fcff000dedb5f2bc6dd6d3294e8c800fe9cb44c0a035c53486b3bf10dac8a531
-
SHA512
bff259dfbe59a15c8b9401f34224ded8d7ca3e2b59f9b6552eddf66144eeba71ef3f129be2d193810f7a324865f0e39b8a522e0b9efdd2842a6c6e91721181cf
-
SSDEEP
3072:maxBn4qgNDFLgjIQsTzuwuY18JEF0ltg+MHq1Qs/vGk1:h42sQCuG1altg+8qR9
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: behavioral2/memory/4376-2-0x00000000057C0000-0x00000000057FE000-memory.dmp, yara_rule: agile_net -
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1948, pid_target: 4376, process: WerFault.exe, target process: e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e99b7b84fbddc2d9d5d4076a2c51c1fa_JaffaCakes118.exe"
1⤵ PID:4376
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 904
2⤵
- Program crash
PID:1948
-
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4376 -ip 4376
1⤵ PID:2604