Overview

overview

5

Static

static

1

249e1a3066...18.exe

windows7-x64

5

249e1a3066...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    249e1a3066707a6fe90c859a6b61025d_JaffaCakes118.exe

  • Size

    607KB

  • MD5

    249e1a3066707a6fe90c859a6b61025d

  • SHA1

    75412e06636aef2743b889a7652b35763c8ea697

  • SHA256

    14c7021da5cf1247002761515e077b60d5997689af9d0368d600ddbb4c3ac7bf

  • SHA512

    d0093afb2d29702ab0ce6519c872aa941531e317013f626393a00b1a0e11439134c91ecc0954d342af49420ecbe11b56053f17280d49ae9670f8425b6adcabbe

  • SSDEEP

    12288:XVOzv5orBCYTIVareJyfbFyO1Dtu3Mi5ewCdFhAtCgSA0PMU:kQnIhsRyGDtcMihCzhcCgS73

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\249e1a3066707a6fe90c859a6b61025d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\249e1a3066707a6fe90c859a6b61025d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\249e1a3066707a6fe90c859a6b61025d_JaffaCakes118.exe
      start
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2664
    • C:\Users\Admin\AppData\Local\Temp\249e1a3066707a6fe90c859a6b61025d_JaffaCakes118.exe
      watch
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2220-0-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2220-1-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2220-2-0x000000000046C000-0x000000000046E000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2220-3-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2220-4-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2220-5-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2220-6-0x00000000004A0000-0x000000000053C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-14-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-15-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-13-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-12-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-10-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2472-17-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2664-11-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2664-8-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2664-9-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2664-16-0x0000000000400000-0x000000000049C000-memory.dmp

    Filesize

    624KB

    Download