Static task: static1
Behavioral task: behavioral1
Sample: 49-982941-264563188-Nummer.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 49-982941-264563188-Nummer.exe
Resource: win10v2004-20240508-en
General
Target: 3a92c3d7051a9296d9dd52fbf4dba24a_JaffaCakes118
Size: 621KB
MD5: 3a92c3d7051a9296d9dd52fbf4dba24a
SHA1: d4094790e8bd59895f80eb1ec62296f5c5474d69
SHA256: 5c544463178dd733c4b40f1ae6812c013b97aeecd76d8fc0fb893eb602be1db1
SHA512: f3a6639a4c5f869248a1e153136cd35b40478717837df0bc097a005693e704fee29d6d6f0c92179a685e26b7d0f6a1c52ed3c23f30746476d0b951dd0135c2f1
SSDEEP: 12288:50jhw51alVGuAODM6qDy9CSl7zsf7MQduWQTl9U3I0/FgeoDmf5uFL10tC:6VwaDpqD4BVim3DmfOh0tC
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource unpack001/49-982941-264563188-Nummer.com
Files
3a92c3d7051a9296d9dd52fbf4dba24a_JaffaCakes118.zip
49-982941-264563188-Nummer.com.exe windows:5 windows x86 arch:x86
6780ce4944e66311213167035ae008dd
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
untfs: Extend, Recover
kernel32: GetFileType, GetExpandedNameW, FormatMessageA, GetEnvironmentVariableA, GetCurrentProcess, OpenWaitableTimerW, HeapAlloc, GetConsoleTitleA, CreateFileMappingA, GetModuleHandleA, GetShortPathNameA, lstrcmpi, GetProcAddress, SleepEx
Sections
.text Size: 634KB - Virtual size: 633KB, IMAGE_SCN_MEM_EXECUTE
.ydata Size: 2KB - Virtual size: 2KB, IMAGE_SCN_MEM_WRITE
.RSRC Size: 2KB - Virtual size: 2KB, IMAGE_SCN_MEM_READ