8b68b6df220527237b2e95da76e5a1e4bf9cb1cfadbf8446732a93623a2d4a0c

Analysis

max time kernel
145s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 04:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe
Size

7.1MB
MD5

5d1308a021bbc57ca8f23a7e559a4e4f
SHA1

0b371cd714383452148276dc42f184e055449b43
SHA256

8b68b6df220527237b2e95da76e5a1e4bf9cb1cfadbf8446732a93623a2d4a0c
SHA512

70ab1685ceec8b30f3eb3ced2903fdd3019dea35104a4f7c4e45c096fdd65c7dc3c66b57356b3a388646d2f27aa8a589844da55674499e07004dda34f001b08a
SSDEEP

196608:86DvJp/bsuMP0vwDoZxip5lHiGhRs5dzn:JDvX/bNvv6oZxiXlHVQ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2176	5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-7-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-9-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-10-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-11-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-12-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-13-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-14-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-15-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-16-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-17-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-18-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-19-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-20-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-21-0x0000000000400000-0x000000000070D000-memory.dmp	upx
behavioral1/memory/2176-22-0x0000000000400000-0x000000000070D000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2176	5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d1308a021bbc57ca8f23a7e559a4e4f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\[0E1B731B-10D3-4994-8E3F-F7D29236B766]\ptewma.dll

Filesize
88KB

MD5
3e7120d5f23a37451cfc5cbe8440259e

SHA1
ca857f93087a806e64ed7a1ca297eb3f9354ad88

SHA256
68f3fbbb8ae5c46c439bb3c86637a66b27c8c8ae6e49a71b3e5e8a8c35bf1346

SHA512
130fc6cd7057734b391da472243d512dbbd8eee53d95ac15f0d73850f2b37ca3f97703127a14ea20d29864308993a2ff17a3fbf2e03bc9fea5a7491ca572e7aa

Download Submit
memory/2176-12-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-1-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2176-5-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2176-6-0x0000000073EC0000-0x0000000073ED5000-memory.dmp

Filesize
84KB

Download
memory/2176-7-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-8-0x0000000073EC0000-0x0000000073ED5000-memory.dmp

Filesize
84KB

Download
memory/2176-9-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-10-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-0-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-11-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-15-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-14-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-13-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-16-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-17-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-18-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-19-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-20-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-21-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2176-22-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download