f67fd1318417095c3460f6e8d2796c77c805db6807c3db87836d62dde9da6a3a

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
Size

1.0MB
MD5

513f18cd4a807a7770a2dd5605c28ce3
SHA1

d17614e74c75e6bcfefbc61434e3cffe8fc622ae
SHA256

f67fd1318417095c3460f6e8d2796c77c805db6807c3db87836d62dde9da6a3a
SHA512

86fbd16a10621d573ad5a76da901c4dff25b245d4c4080abe5f33f0c195928c53d07e3ca6391f52cdd2f609365d7c5e62f8b349b701c69a936b8cf981ef97a73
SSDEEP

24576:YQS4p3lrGhylrGht+RVVSLZswB3O4w9WmA8128M:YY3lrGhylrGhwqZRO4um

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe

pid process

2036 513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe

pid	process
2036	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe

Obfuscated with Agile.Net obfuscator 4 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/2036-0-0x0000000000400000-0x00000000004DC000-memory.dmp	agile_net
behavioral1/memory/2036-3-0x0000000000400000-0x0000000000498000-memory.dmp	agile_net
behavioral1/memory/2036-18-0x0000000002410000-0x0000000002428000-memory.dmp	agile_net
behavioral1/memory/2036-31-0x0000000000400000-0x00000000004DC000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\837ca99a-18b9-4633-9bd5-2dc804c9158c\Protect32.dll
Filesize
121KB

MD5
3843aa072ded27b8a239b976565dfea8

SHA1
e29dc8b174abbd5d7ba7aa587639202330d40bd1

SHA256
4dbd79e2b560c256a6e32726de9dffe08fd17fe3733a871a58c3af93c42d0269

SHA512
7a7071434aa45ccda5d62d2c71da6a94cd10835a530ed89a229a6c31876ce3e6c3d089c1998f8ea38f0a684eddf3c2c8f17c1f9fc4e7143d8de0f7423ecf843a

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbCB1.tmp
Filesize
1KB

MD5
8294f7443966ed83dec91c24545c6038

SHA1
cc7494adb2aa98d44ecc202ddbe0445c3b909293

SHA256
b48764df100f9ad15b8d0a6a6b43b905c0effe326fd987d3ff90ec0793cf290f

SHA512
4bc9c619f85473036ab06ac61b8ff331c71b865b4c33b25b1a71d0f94dc27655e21b5f4472c4c0c4f80d7283a85425b88d60c9d2e3bae970048f5932360a928c

Download Submit
memory/2036-14-0x00000000021D0000-0x00000000021DA000-memory.dmp

Filesize
40KB

Download
memory/2036-1-0x0000000077D90000-0x0000000077D91000-memory.dmp

Filesize
4KB

Download
memory/2036-4-0x0000000074D90000-0x000000007547E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-12-0x0000000074500000-0x0000000074534000-memory.dmp

Filesize
208KB

Download
memory/2036-11-0x0000000074B90000-0x0000000074C10000-memory.dmp

Filesize
512KB

Download
memory/2036-2-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

Filesize
4KB

Download
memory/2036-13-0x0000000074D90000-0x000000007547E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-15-0x00000000021D0000-0x00000000021DA000-memory.dmp

Filesize
40KB

Download
memory/2036-0-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2036-3-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2036-28-0x0000000002410000-0x0000000002428000-memory.dmp

Filesize
96KB

Download
memory/2036-18-0x0000000002410000-0x0000000002428000-memory.dmp

Filesize
96KB

Download
memory/2036-30-0x0000000074D90000-0x000000007547E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-31-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2036-34-0x0000000074D90000-0x000000007547E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-35-0x0000000074500000-0x0000000074534000-memory.dmp

Filesize
208KB

Download
memory/2036-36-0x00000000021D0000-0x00000000021DA000-memory.dmp

Filesize
40KB

Download
memory/2036-39-0x0000000002410000-0x0000000002428000-memory.dmp

Filesize
96KB

Download
memory/2036-40-0x0000000074D90000-0x000000007547E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads