Overview

overview

10

Static

static

3

f0d476a5ad...18.exe

windows7-x64

10

f0d476a5ad...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0d476a5ad1fd2db6fbf72702f92242d_JaffaCakes118.exe

  • Size

    40KB

  • MD5

    f0d476a5ad1fd2db6fbf72702f92242d

  • SHA1

    893824def46780b23fe5653a1981f295d6e504e2

  • SHA256

    dda31de7bfc82039f56b64e435c3c717be4f0e5e32e0f8277651db0ba3fd348b

  • SHA512

    8cc5f2baef936413ecb55d9db54f88bbc65cf5060eca74d396402df9c8363f135d5bfdb26dc7b43d9d7a2934e0ab9ab03c5ffed7263da8abfffa00bc3045ed87

  • SSDEEP

    384:giLp8VgWTHV9h+2/JUA8NyFfEjwOkHmHyiB5CenRCLTl9s0eT0pqfAStEoyDM:vWKKHV9aUFYmGSivCOtEoyDM

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    nassbaby

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0d476a5ad1fd2db6fbf72702f92242d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f0d476a5ad1fd2db6fbf72702f92242d_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4992-0-0x000000001B9C0000-0x000000001BA66000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4992-1-0x00007FF8B2BF0000-0x00007FF8B3591000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4992-3-0x000000001BF70000-0x000000001C43E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4992-2-0x0000000001540000-0x0000000001550000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4992-4-0x00007FF8B2BF0000-0x00007FF8B3591000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4992-5-0x000000001C4E0000-0x000000001C57C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4992-6-0x0000000001320000-0x0000000001328000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-7-0x00007FF8B2BF0000-0x00007FF8B3591000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4992-8-0x00007FF8B2BF0000-0x00007FF8B3591000-memory.dmp

    Filesize

    9.6MB

    Download