Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
20-04-2024 05:11
Behavioral task
behavioral1
Sample
fc0062783cfb280dda285dda96123469_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
fc0062783cfb280dda285dda96123469_JaffaCakes118.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
fc0062783cfb280dda285dda96123469_JaffaCakes118.exe
-
Size
61KB
-
MD5
fc0062783cfb280dda285dda96123469
-
SHA1
62b7af2f2c3d056d1eda1dbb07cc82a668ffd990
-
SHA256
881b7e78e581f59ec6b6ff5dfdd7134af869d7b88e56902dcbdca2d907ac39d1
-
SHA512
8a95404235681660a11f9110da51cee9f6847b0917f2a86dcce6b933b2e5a3c8351d84f009a282ee9e61fc5968ae285a39163b36bccb8f7759fbdde6ed622851
-
SSDEEP
1536:wSHg93C5n6k0QdYA8A7ZP6ZTM732IfuyZN:wSRV6698Pi73XfD
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
fc0062783cfb280dda285dda96123469_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ xmens32 = "C:\\Windows\\system32\\lbl2581.exe" fc0062783cfb280dda285dda96123469_JaffaCakes118.exe -
Drops file in System32 directory 2 IoCs
Processes:
fc0062783cfb280dda285dda96123469_JaffaCakes118.exedescription ioc process File opened for modification \??\c:\windows\SysWOW64\lbl2581.exe fc0062783cfb280dda285dda96123469_JaffaCakes118.exe File created \??\c:\windows\SysWOW64\lbl2581.exe fc0062783cfb280dda285dda96123469_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
fc0062783cfb280dda285dda96123469_JaffaCakes118.exepid process 2020 fc0062783cfb280dda285dda96123469_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
fc0062783cfb280dda285dda96123469_JaffaCakes118.exepid process 2020 fc0062783cfb280dda285dda96123469_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc0062783cfb280dda285dda96123469_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fc0062783cfb280dda285dda96123469_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx