Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-05-2024 23:20

General

  • Target

    504a43899542a8bd83295429dab03369JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    504a43899542a8bd83295429dab03369

  • SHA1

    6ae1bc147747aee1cbc9393df6bd423f58aab229

  • SHA256

    8d118c09e62311d027838c76495d6d299e94b802d35a2ff0670d17a743fa10d9

  • SHA512

    1bdafacb91136dbbcb3e5f492b7185ebdb7364874e2d9b4d674957f7702a13bd43e0ec0ae1ef3fff84f8ed835e141928f55095916230c97d7fb2adb34483d5d9

  • SSDEEP

    24576:ZkUskXgk1aLQMPZD6DjVhWJP2kC3jHwXyAlZMZfnUoAWK9oT:qkXF1uQM9UhSPFC3jK5HKUhWTT

Malware Config

Extracted

Family

hawkeye_reborn

Attributes
  • fields

  • name

Signatures

  • HawkEye Reborn

    HawkEye Reborn is an enhanced version of the HawkEye malware kit.

  • M00nd3v_Logger

    M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

  • M00nD3v Logger payload 3 IoCs

    Detects M00nD3v Logger payload in memory.

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\504a43899542a8bd83295429dab03369JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\504a43899542a8bd83295429dab03369JaffaCakes118.exe"
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:2892

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\win.ini

    Filesize

    497B

    MD5

    80f15b158c49b73757d1dde727355db7

    SHA1

    212a5c033130af8e8254d2b7a4a6c8762628ec91

    SHA256

    0df5cecf65125ca8de5b8a599400bda1aa3700b43f9f73ac91c2261da7946368

    SHA512

    767af13228a26d8b8ff2dfdefa223045638df6e37d4e614274c425e2e70cd12125a933946da286c1375e892668decd732300e22d301b4c8087f887dabf13050a

  • memory/2892-212-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2892-214-0x0000000000400000-0x00000000004A8000-memory.dmp

    Filesize

    672KB

  • memory/2892-213-0x00000000775F0000-0x00000000776C6000-memory.dmp

    Filesize

    856KB

  • memory/2892-215-0x0000000074481000-0x0000000074482000-memory.dmp

    Filesize

    4KB

  • memory/2892-216-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

  • memory/2892-217-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

  • memory/2892-218-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

  • memory/2892-219-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

  • memory/2892-220-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB

  • memory/2892-221-0x0000000000400000-0x0000000000490000-memory.dmp

    Filesize

    576KB

  • memory/2892-222-0x0000000074480000-0x0000000074A2B000-memory.dmp

    Filesize

    5.7MB