Analysis
max time kernel: 149s
max time network: 118s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 09/04/2024, 13:36
Behavioral task: behavioral1
Sample: ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe
Resource: win7-20240220-en
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe
Resource: win10v2004-20240226-en
0 signatures, 150 seconds
General
Target: ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe
Size: 5.1MB
MD5: ea1b0d7b5ef728aab73903c96ba5aaec
SHA1: 66731ed01cf42ef89023ce393030418055f41e17
SHA256: e2db03755431334a383c2287dc39142ef22ab3d466e5dacd885355388e266970
SHA512: cbbdec5914fd76d17c232a939b07c5076b8e29cd8bdf7f955829c8e909c7c5f0e331ed8c62484fc67afeea4446791ed519c4dab216e8396c09eba412aeb0534b
SSDEEP: 98304:YADpQGT0EIavkoIaT14ZdhuCLmWriMvp9Wh1fT2IJnhJb+w2JeBlKQQgT5yv:ZQGT0tacoIaTGZdYGmpCf8172O/+uds
Score: 7/10
Malware Config
Signatures

YARA rule match: themida 16 IoCs
resource    yara_rule
behavioral1/memory/2028-3-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-31-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-33-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-34-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-36-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-37-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-38-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-39-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-40-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-41-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-42-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-43-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-44-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-45-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-46-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
behavioral1/memory/2028-47-0x0000000000400000-0x00000000012F9000-memory.dmp    themida
Drops file in System32 directory 1 IoCs
description    ioc    Process
File created    C:\WINDOWS\SysWOW64\PLUG.SYS    ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs
pid    Process
2028    ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid    Process
2028    ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe
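The yara_rule row above is one flattened line of sixteen memory-dump resource names. The following Python, added here as an illustration and not part of the report or of the sandbox's tooling, parses that row (copied verbatim from this page; no sandbox API is assumed) into (task, pid, snapshot, address range, rule) records and collapses them onto distinct regions. Every hit is in behavioral1 (the win7 run; behavioral2 on win10v2004 reported 0 signatures) and lands on the same region, 0x400000 to 0x12F9000 in PID 2028, which is the default image base of a 32-bit PE and spans roughly 15 MiB of address space against a 5.1MB file on disk. A large mapped-size to disk-size ratio is typical of a packed image, although on its own it is not proof of packing; the "5.1MB" used for the ratio is the report's rounded figure, treated here as MiB.

```python
import re
from collections import defaultdict

# The themida yara_rule row exactly as the report page flattens it (copied from the page, 16 matches).
RAW_YARA_ROW = (
    "resource yara_rule "
    "behavioral1/memory/2028-3-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-31-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-33-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-34-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-36-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-37-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-38-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-39-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-40-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-41-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-42-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-43-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-44-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-45-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-46-0x0000000000400000-0x00000000012F9000-memory.dmp themida "
    "behavioral1/memory/2028-47-0x0000000000400000-0x00000000012F9000-memory.dmp themida"
)

# One match has the shape <task>/memory/<pid>-<snapshot>-0x<start>-0x<end>-memory.dmp <rule>
MATCH_RE = re.compile(
    r"(?P<task>behavioral\d+)/memory/(?P<pid>\d+)-(?P<snap>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\w+)"
)

# Assumption: the report's rounded "5.1MB", read as MiB, stands in for the exact on-disk size.
DISK_SIZE_BYTES = int(5.1 * 1024 * 1024)


def parse_yara_matches(text):
    """Return one dict per match with integer pid, snapshot index and address bounds."""
    matches = []
    for m in MATCH_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        if end <= start:
            raise ValueError(f"malformed address range in {m.group(0)!r}")
        matches.append({"task": m["task"], "pid": int(m["pid"]), "snapshot": int(m["snap"]),
                        "start": start, "end": end, "rule": m["rule"]})
    return matches


def region_summary(text):
    """Collapse matches onto distinct (task, pid, rule, start, end) regions and list the snapshots each hit."""
    groups = defaultdict(list)
    for rec in parse_yara_matches(text):
        groups[(rec["task"], rec["pid"], rec["rule"], rec["start"], rec["end"])].append(rec["snapshot"])
    summary = []
    for (task, pid, rule, start, end), snaps in sorted(groups.items()):
        summary.append({"task": task, "pid": pid, "rule": rule, "start": start, "end": end,
                        "size_bytes": end - start, "snapshots": sorted(snaps)})
    return summary


if __name__ == "__main__":
    for reg in region_summary(RAW_YARA_ROW):
        print(f"{reg['task']} pid={reg['pid']} rule={reg['rule']} "
              f"0x{reg['start']:X}-0x{reg['end']:X} "
              f"({reg['size_bytes'] / 2**20:.1f} MiB, {reg['size_bytes'] / DISK_SIZE_BYTES:.1f}x on-disk size) "
              f"hit in {len(reg['snapshots'])} snapshots: {reg['snapshots']}")
```

The same parser works on any sandbox row of this shape; when it returns more than one region, or regions outside the main module's image, the rule is firing on unpacked or injected code rather than on the packed main image, which changes what you dump next.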
Processes
C:\Users\Admin\AppData\Local\Temp\ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe (process tree level 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe"
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID: 2028
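The one concrete host artefact in this report is PID 2028, running from the user's Temp directory, creating C:\WINDOWS\SysWOW64\PLUG.SYS. Note that the signature is named "Drops file in System32 directory" while the recorded path is SysWOW64: that is either where the sample wrote explicitly or where WOW64 file system redirection sends a 32-bit process's writes to System32, so a hunt that matches only the literal System32 path misses it. The Python below is an added example, not part of the report or of any vendor's detection content; it runs a rule over constructed Sysmon Event ID 11 (FileCreate) records (the first mirrors the report's IoC, the others are made-up benign noise) and flags files created under System32 or SysWOW64 by a process whose image lives in a user staging directory, escalating when the file carries a driver extension.

```python
from pathlib import PureWindowsPath

# Constructed Sysmon Event ID 11 (FileCreate) records; not taken from the report. Only the first
# reproduces the report's IoC (PID 2028 dropping PLUG.SYS); the rest are hypothetical noise.
EVENTS = [
    {"EventID": 11, "ProcessId": 2028,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe",
     "TargetFilename": r"C:\WINDOWS\SysWOW64\PLUG.SYS"},
    {"EventID": 11, "ProcessId": 4321,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\installer.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\setup.log"},
    {"EventID": 11, "ProcessId": 5555,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\Local\cache.dat"},
    {"EventID": 11, "ProcessId": 6666,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\vendor.sys"},
    {"EventID": 1, "ProcessId": 2028,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\ea1b0d7b5ef728aab73903c96ba5aaec_JaffaCakes118.exe",
     "TargetFilename": ""},   # a process-create record; not a file event, must be ignored
]


def _parts(path):
    """Case-folded path components, e.g. ['c:\\', 'windows', 'syswow64', 'plug.sys']."""
    return [p.lower() for p in PureWindowsPath(path).parts]


def in_system_dir(path):
    """True for files under <drive>:\\Windows\\System32 or its WOW64 twin SysWOW64.
    Both are matched because a 32-bit process's writes to System32 are redirected to SysWOW64."""
    parts = _parts(path)
    return len(parts) >= 4 and parts[1] == "windows" and parts[2] in ("system32", "syswow64")


def from_user_staging(image):
    """True when the writing process runs from a user-writable staging directory
    (...\\AppData\\Local\\Temp\\... or a Downloads folder)."""
    parts = _parts(image)
    for i in range(len(parts) - 2):
        if parts[i:i + 3] == ["appdata", "local", "temp"]:
            return True
    return "downloads" in parts


def classify_file_create(event):
    """Return a finding for a suspicious FileCreate event, or None for anything else."""
    if event.get("EventID") != 11:
        return None
    target = event["TargetFilename"]
    if not (in_system_dir(target) and from_user_staging(event["Image"])):
        return None
    is_driver_name = PureWindowsPath(target).suffix.lower() == ".sys"
    return {
        "pid": event["ProcessId"],
        "image": event["Image"],
        "target": target,
        "severity": "high" if is_driver_name else "medium",
        "reason": ("driver-named file" if is_driver_name else "file")
                  + " created under System32/SysWOW64 by a process running from user Temp/Downloads",
    }


def hunt(events):
    """Apply the rule to a batch of records and keep only the findings."""
    return [f for f in map(classify_file_create, events) if f is not None]


if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(f"[{finding['severity']}] pid={finding['pid']} {finding['image']} -> {finding['target']}: {finding['reason']}")
```

The rule deliberately keys on where the writing process runs from rather than on the file name PLUG.SYS, so it survives a renamed payload; add the literal path as a separate high-confidence indicator if you want a direct match on this sample.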