Analysis
max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7-20240215-en
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted
06-05-2024 00:21
Static task
static1
Behavioral task
behavioral1
Sample
19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
Target
19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Size
1.9MB
MD5
19e04ede9a9657c6b6a984150a226923
SHA1
fe121bb0b2a9c3da49a39ba9a99061b715dafc74
SHA256
d4dfb771a01eff68343bcafb01614a72d294c80a70c5eaddf300b0b0ad5d253f
SHA512
a26e48c284a885d6de6c0f24cd5a20a22e41fe40a519c248e3197d607f9c95cad7c1b918346f5a77920f3e64c054458c95d8d4e2f020a6a6beb538b077661f8a
SSDEEP
24576:R825Kz3iScbWjRZ0L006Dk/mZfUanuoUSyetjIJRWbVX8UKzpr8enO6w:TM3eonpQ/mpvuvSye9IObp89prM6
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.59:50003
91.220.131.59:50004
service_name
Enterprise Mailing Service
Signatures
SendSafe payload 2 IoCs
Processes:
resource yara_rule
behavioral1/memory/2356-1-0x0000000000400000-0x00000000005C9000-memory.dmp sendsafe
behavioral1/memory/2356-2-0x0000000000400000-0x00000000005C9000-memory.dmp sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
pid process
2356 19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
Suspicious use of UnmapMainImage 1 IoCs
Processes:
19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe
pid process
2356 19e04ede9a9657c6b6a984150a226923_JaffaCakes118.exe