Overview

overview

7

Static

static

7

fdf8ad5d92...18.exe

windows7-x64

7

fdf8ad5d92...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-04-2024 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdf8ad5d920394a41dbc84068f35732a_JaffaCakes118.exe

  • Size

    4.3MB

  • MD5

    fdf8ad5d920394a41dbc84068f35732a

  • SHA1

    eaf74fae24026c61648436ad6207bbe4f37d28f6

  • SHA256

    2f1f20cdbb30da29f5862445ce7e13fe90ed2380eeee22de03688ecd327fbb45

  • SHA512

    cfbcf3f99c335af792a32dad279cf970db7767b7d808f4b3bc3cf20c0a53b9ff15e0a52c8eee694d257069b95f2faa3bacddda9219aa61d1ed6195b6c43eb52c

  • SSDEEP

    98304:W3ZfGxb7K1aT378nxLqPO8Tm4E7yHgoDbp5fS:OQeaHjJTm4KYO

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdf8ad5d920394a41dbc84068f35732a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fdf8ad5d920394a41dbc84068f35732a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\SqliteDB.fne
    Filesize

    336KB

    MD5

    fdfe80c77db20fd42ccfe532d4857ed4

    SHA1

    a71a6e22c7580a1cdf4f747398edb4f926eebe94

    SHA256

    7728ca0fba32cc6e0891b5edd58cbeedaade42c96e2c072d7441f6aab4249980

    SHA512

    f58b6126e14b56172b21c3367afa9056577b83374d4a45a7763ff070536bd901df76154b97cf36a5356bb5a0ba4a7bc5dd38fbd39174c15bc3d2d1f3a6b19c3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\exui.fne
    Filesize

    2.9MB

    MD5

    19f6c4afdcb10a557a3c68ef137054df

    SHA1

    3fb76191e13342419413b378935ccaf07dc233fe

    SHA256

    68c93a9d26546c353962801a1902dcce1e3abd452f494732a07066d8f853b040

    SHA512

    c8a1a87d57e2a56dccfdbbd70d79cd07c569a5a474bb2d4afb8c3e3f839492c28af234a5f1b42c235e09a5aaeb90ea915b6a5d04ef7ed0c45b56562f8cd99fb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
    Filesize

    1.2MB

    MD5

    301768e001d4db20f9a029ee835150f3

    SHA1

    7b10cb57e513687c8a89f180c2b3eb8aaace620e

    SHA256

    3e0651844de3362ab64883fe80a04757080ebc9167e665a7cfeebd741a0b193a

    SHA512

    ab9342585a56ed4075c5df0c7d38a0dc546c9f1bd821c70fd215b0923856c805ed00d54400e43fe9bd3ca49c63c68578a78152e2a397a6d32cf1b242c97c6f71

    Download Submit

  • memory/4432-0-0x0000000000400000-0x00000000009DA000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/4432-1-0x0000000000400000-0x00000000009DA000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/4432-2-0x0000000000400000-0x00000000009DA000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/4432-24-0x0000000002F20000-0x0000000003211000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/4432-30-0x0000000003220000-0x0000000003278000-memory.dmp

    Filesize

    352KB

    Download

  • memory/4432-34-0x0000000000400000-0x00000000009DA000-memory.dmp

    Filesize

    5.9MB

    Download