Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/04/2024, 11:13

General

  • Target

    e9dc02bdc3fc45d7885f63d09b1a6582_JaffaCakes118.exe

  • Size

    430KB

  • MD5

    e9dc02bdc3fc45d7885f63d09b1a6582

  • SHA1

    1a2c721f0d50bfbc48f8990ee5b70d09b954e037

  • SHA256

    34d3b8a675ffdc9ae7ca5dbbadab4585cd5c4833b75eac4115266baef9314931

  • SHA512

    6e77483a99540cdd118254eb3272f7cf143ab6dbfde4b5ccf32cfb2b2a5fa5b32c057d761e0ea39b50362f3d2a7f24bb0325f67444d0c9f8c9d0f50b3dfc1f51

  • SSDEEP

    12288:IFdcb3J5U2g2pl6th1U6O6Nw55x/BOnN7xEa:IFd83JFzi1U6hN+5x/QnNma

Score
7/10

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1160
      • C:\Users\Admin\AppData\Local\Temp\e9dc02bdc3fc45d7885f63d09b1a6582_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\e9dc02bdc3fc45d7885f63d09b1a6582_JaffaCakes118.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2292

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1160-2-0x000000007FFF0000-0x000000007FFF1000-memory.dmp
    Filesize: 4KB
  • memory/1160-13-0x000000007EFC0000-0x000000007EFC6000-memory.dmp
    Filesize: 24KB
  • memory/2292-0-0x0000000010000000-0x0000000010011000-memory.dmp
    Filesize: 68KB
  • memory/2292-5-0x0000000001EC0000-0x0000000001EC2000-memory.dmp
    Filesize: 8KB
  • memory/2292-6-0x0000000000400000-0x00000000004EB000-memory.dmp
    Filesize: 940KB
  • memory/2292-8-0x00000000006A0000-0x00000000006A1000-memory.dmp
    Filesize: 4KB
  • memory/2292-7-0x0000000001ED0000-0x0000000001ED1000-memory.dmp
    Filesize: 4KB
  • memory/2292-9-0x0000000010000000-0x0000000010011000-memory.dmp
    Filesize: 68KB
  • memory/2292-27-0x0000000000400000-0x00000000004EB000-memory.dmp
    Filesize: 940KB