f67fd1318417095c3460f6e8d2796c77c805db6807c3db87836d62dde9da6a3a

Analysis

max time kernel
140s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
Size

1.0MB
MD5

513f18cd4a807a7770a2dd5605c28ce3
SHA1

d17614e74c75e6bcfefbc61434e3cffe8fc622ae
SHA256

f67fd1318417095c3460f6e8d2796c77c805db6807c3db87836d62dde9da6a3a
SHA512

86fbd16a10621d573ad5a76da901c4dff25b245d4c4080abe5f33f0c195928c53d07e3ca6391f52cdd2f609365d7c5e62f8b349b701c69a936b8cf981ef97a73
SSDEEP

24576:YQS4p3lrGhylrGht+RVVSLZswB3O4w9WmA8128M:YY3lrGhylrGhwqZRO4um

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe

pid	process
1764	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
1764	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
1764	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
1764	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
1764	513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe

Obfuscated with Agile.Net obfuscator 4 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral2/memory/1764-0-0x0000000000400000-0x00000000004DC000-memory.dmp	agile_net
behavioral2/memory/1764-4-0x0000000000400000-0x0000000000498000-memory.dmp	agile_net
behavioral2/memory/1764-20-0x00000000053C0000-0x00000000053D8000-memory.dmp	agile_net
behavioral2/memory/1764-42-0x0000000000400000-0x00000000004DC000-memory.dmp	agile_net

C:\Users\Admin\AppData\Local\Temp\513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\513f18cd4a807a7770a2dd5605c28ce3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\837ca99a-18b9-4633-9bd5-2dc804c9158c\Protect32.dll

Filesize
121KB

MD5
3843aa072ded27b8a239b976565dfea8

SHA1
e29dc8b174abbd5d7ba7aa587639202330d40bd1

SHA256
4dbd79e2b560c256a6e32726de9dffe08fd17fe3733a871a58c3af93c42d0269

SHA512
7a7071434aa45ccda5d62d2c71da6a94cd10835a530ed89a229a6c31876ce3e6c3d089c1998f8ea38f0a684eddf3c2c8f17c1f9fc4e7143d8de0f7423ecf843a

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb7D90.tmp

Filesize
1KB

MD5
8294f7443966ed83dec91c24545c6038

SHA1
cc7494adb2aa98d44ecc202ddbe0445c3b909293

SHA256
b48764df100f9ad15b8d0a6a6b43b905c0effe326fd987d3ff90ec0793cf290f

SHA512
4bc9c619f85473036ab06ac61b8ff331c71b865b4c33b25b1a71d0f94dc27655e21b5f4472c4c0c4f80d7283a85425b88d60c9d2e3bae970048f5932360a928c

Download Submit
memory/1764-20-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-4-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1764-35-0x0000000007CC0000-0x0000000007CC8000-memory.dmp

Filesize
32KB

Download
memory/1764-38-0x0000000008BF0000-0x0000000008DB2000-memory.dmp

Filesize
1.8MB

Download
memory/1764-6-0x0000000073D60000-0x0000000074510000-memory.dmp

Filesize
7.7MB

Download
memory/1764-1-0x0000000076EE2000-0x0000000076EE3000-memory.dmp

Filesize
4KB

Download
memory/1764-15-0x000000006EDC0000-0x000000006EDF4000-memory.dmp

Filesize
208KB

Download
memory/1764-14-0x0000000072770000-0x00000000727F9000-memory.dmp

Filesize
548KB

Download
memory/1764-16-0x0000000073D60000-0x0000000074510000-memory.dmp

Filesize
7.7MB

Download
memory/1764-34-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-33-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-2-0x0000000076EE3000-0x0000000076EE4000-memory.dmp

Filesize
4KB

Download
memory/1764-52-0x0000000073D60000-0x0000000074510000-memory.dmp

Filesize
7.7MB

Download
memory/1764-3-0x0000000073D6E000-0x0000000073D6F000-memory.dmp

Filesize
4KB

Download
memory/1764-5-0x0000000004B00000-0x0000000004B92000-memory.dmp

Filesize
584KB

Download
memory/1764-39-0x0000000009170000-0x000000000969C000-memory.dmp

Filesize
5.2MB

Download
memory/1764-37-0x0000000008100000-0x000000000810E000-memory.dmp

Filesize
56KB

Download
memory/1764-36-0x0000000008B90000-0x0000000008BC8000-memory.dmp

Filesize
224KB

Download
memory/1764-41-0x0000000073D60000-0x0000000074510000-memory.dmp

Filesize
7.7MB

Download
memory/1764-42-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1764-45-0x0000000073D60000-0x0000000074510000-memory.dmp

Filesize
7.7MB

Download
memory/1764-46-0x000000006EDC0000-0x000000006EDF4000-memory.dmp

Filesize
208KB

Download
memory/1764-49-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-51-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-50-0x00000000053C0000-0x00000000053D8000-memory.dmp

Filesize
96KB

Download
memory/1764-0-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download