Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 05:21
Static task: static1
Behavioral task: behavioral1
  Sample: fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe
  Resource: win7-20240215-en
General
Target: fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe
Size: 272KB
MD5: fc04612d0d2d4e66d81f98ada78e22e9
SHA1: 0c66344922fcc3bdfeb3cbb5401989f7535400fc
SHA256: 70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512
SHA512: 5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9
SSDEEP: 6144:ER1/phJ7jYKhQohD964mxpP5PYR06ZKj4VEpSO:WfYK2e9644YR0bKEh
Malware Config
Signatures
Gh0st RAT payload (1 IoC)
  resource: behavioral1/memory/1888-0-0x0000000010000000-0x000000001002C000-memory.dmp
  yara_rule: family_gh0strat
Executes dropped EXE (1 IoC)
  process: refzsk.exe (pid 2988)
Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\refzsk.exe (process: fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe)
  File opened for modification: C:\Windows\refzsk.exe (process: fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe)
Processes
C:\Users\Admin\AppData\Local\Temp\fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\fc04612d0d2d4e66d81f98ada78e22e9_JaffaCakes118.exe"
  - Drops file in Windows directory
C:\Windows\refzsk.exe
  command line: C:\Windows\refzsk.exe
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
C:\Windows\refzsk.exe
  Filesize: 272KB
  MD5: fc04612d0d2d4e66d81f98ada78e22e9
  SHA1: 0c66344922fcc3bdfeb3cbb5401989f7535400fc
  SHA256: 70beb1bb34d656cd2e675eff773f908b9d5c22cb07a93a3745b2dd9892cf1512
  SHA512: 5c5dd0c6f9ce3b849dbf36966f659ef8d7c9527b4c442429b79f963d2ef4e82fa2549310f5587711358c5d2c6ce76784b729aca522121cb2f9aeaaba61aa96a9
memory/1888-0-0x0000000010000000-0x000000001002C000-memory.dmp
  Filesize: 176KB