Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
17-05-2024 23:20
Static task
static1
Behavioral task
behavioral1
Sample
504a43899542a8bd83295429dab03369JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
504a43899542a8bd83295429dab03369JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
504a43899542a8bd83295429dab03369JaffaCakes118.exe
-
Size
1.2MB
-
MD5
504a43899542a8bd83295429dab03369
-
SHA1
6ae1bc147747aee1cbc9393df6bd423f58aab229
-
SHA256
8d118c09e62311d027838c76495d6d299e94b802d35a2ff0670d17a743fa10d9
-
SHA512
1bdafacb91136dbbcb3e5f492b7185ebdb7364874e2d9b4d674957f7702a13bd43e0ec0ae1ef3fff84f8ed835e141928f55095916230c97d7fb2adb34483d5d9
-
SSDEEP
24576:ZkUskXgk1aLQMPZD6DjVhWJP2kC3jHwXyAlZMZfnUoAWK9oT:qkXF1uQM9UhSPFC3jK5HKUhWTT
Malware Config
Extracted
hawkeye_reborn
- fields
- name
Signatures
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
resource yara_rule
behavioral1/memory/2892-212-0x0000000000400000-0x00000000004A8000-memory.dmp m00nd3v_logger
behavioral1/memory/2892-214-0x0000000000400000-0x00000000004A8000-memory.dmp m00nd3v_logger
behavioral1/memory/2892-221-0x0000000000400000-0x0000000000490000-memory.dmp m00nd3v_logger
-
Drops file in Windows directory 1 IoCs
description: File opened for modification
ioc: C:\Windows\win.ini
Process: 504a43899542a8bd83295429dab03369JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid 2892, Process 504a43899542a8bd83295429dab03369JaffaCakes118.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid 2892, Process 504a43899542a8bd83295429dab03369JaffaCakes118.exe
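The three YARA hits above all fall in the same region of pid 2892, starting at 0x400000, the default preferred image base of a 32-bit PE; together with the UnmapMainImage signature that is the footprint of a payload mapped over the unmapped original image (RunPE-style injection). The following added example is not part of the sandbox report: it parses hit lines of the form shown above into structured records (the pid-sequence-start-end reading of the dump path is an assumption about the sandbox's naming), flags regions that begin at the image base, and verifies a file's digests against the report's MD5/SHA1/SHA256/SHA512 values before anyone trusts them. The hit lines embedded in the block are constructed copies of the ones listed above; SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed copies of the three memory-dump hits listed under Signatures.
SAMPLE_HITS = [
    "behavioral1/memory/2892-212-0x0000000000400000-0x00000000004A8000-memory.dmp m00nd3v_logger",
    "behavioral1/memory/2892-214-0x0000000000400000-0x00000000004A8000-memory.dmp m00nd3v_logger",
    "behavioral1/memory/2892-221-0x0000000000400000-0x0000000000490000-memory.dmp m00nd3v_logger",
]

# Assumption: the dump path encodes <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp <rule>.
HIT_RE = re.compile(
    r"^(?P<task>[^/\s]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        # Length in bytes of the dumped region that matched the rule.
        return self.end - self.start


def parse_hits(lines):
    """Turn sandbox hit lines into MemoryHit records; reject anything that does not fit."""
    hits = []
    for line in lines:
        m = HIT_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised hit line: {line!r}")
        hits.append(MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                              int(m["start"], 16), int(m["end"], 16), m["rule"]))
    return hits


# Preferred image base of most 32-bit PE files (assumption: the image was not relocated).
DEFAULT_IMAGE_BASE = 0x400000


def hits_at_image_base(hits, base=DEFAULT_IMAGE_BASE):
    """Hits whose region starts exactly at the image base.

    A rule match at the image base, in a process that also unmapped its own main
    image, points at a payload written over the original executable's mapping.
    """
    return [h for h in hits if h.start == base]


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare hashlib digests of `data` with the hex digests a report claims.

    `expected` maps hashlib algorithm names (md5, sha1, sha256, sha512) to hex
    strings; the result maps each name to True when the digest matches.
    """
    return {
        algo: hashlib.new(algo, data).hexdigest().lower() == digest.lower()
        for algo, digest in expected.items()
    }


if __name__ == "__main__":
    for h in parse_hits(SAMPLE_HITS):
        print(f"pid={h.pid} seq={h.seq} start={h.start:#x} size={h.size:#x} rule={h.rule}")
    print(hits_at_image_base(parse_hits(SAMPLE_HITS)))
```

To check a downloaded sample against the report, read the file as bytes and pass the four digests from the General section to `verify_hashes`; any False means you are not looking at the file the report describes.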
Downloads
-
Filesize
497B
MD5
80f15b158c49b73757d1dde727355db7
-
SHA1
212a5c033130af8e8254d2b7a4a6c8762628ec91
-
SHA256
0df5cecf65125ca8de5b8a599400bda1aa3700b43f9f73ac91c2261da7946368
-
SHA512
767af13228a26d8b8ff2dfdefa223045638df6e37d4e614274c425e2e70cd12125a933946da286c1375e892668decd732300e22d301b4c8087f887dabf13050a