Analysis
-
max time kernel
143s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
11-05-2024 11:54
Static task
static1
Behavioral task
behavioral1
Sample
3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
3475a3091ff9da3b8f75ca984a5f3acb_JaffaCakes118.exe
-
Size
29KB
-
MD5
3475a3091ff9da3b8f75ca984a5f3acb
-
SHA1
16f6a9a44043357701775e4c993eb5f7c692d601
-
SHA256
8c51907ae78f0ef8f3503165d2da098c22c59fcda553658ed227cb180a21d01f
-
SHA512
350038c047c83ad0283bf0c4c39ccacab265b8254292ec5df9697e377d3b7554bf20bd4650300360c804fe8d27a37ddd074a6e406781acff7134f6301a1d0eed
-
SSDEEP
768:Fvzlc/haT0rwKMu2Ht5EfUl+zMGZg79TAp49Q:llc/haTpKMu2EUl17FA3
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule behavioral2/memory/776-2-0x0000000000840000-0x0000000000854000-memory.dmp agile_net behavioral2/memory/776-6-0x00007FFA95280000-0x00007FFA95D41000-memory.dmp agile_net
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/776-0-0x00007FFA95283000-0x00007FFA95285000-memory.dmpFilesize
8KB
-
memory/776-1-0x00000000000A0000-0x00000000000A8000-memory.dmpFilesize
32KB
-
memory/776-2-0x0000000000840000-0x0000000000854000-memory.dmpFilesize
80KB
-
memory/776-3-0x000000001B3B0000-0x000000001B8D8000-memory.dmpFilesize
5.2MB
-
memory/776-5-0x00007FFA95280000-0x00007FFA95D41000-memory.dmpFilesize
10.8MB
-
memory/776-6-0x00007FFA95280000-0x00007FFA95D41000-memory.dmpFilesize
10.8MB