Analysis
-
max time kernel
141s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
20-05-2024 14:34
Static task
static1
Behavioral task
behavioral1
Sample
5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
-
Size
2.6MB
-
MD5
5f987fcd11a8f23f8e588834bb94d45f
-
SHA1
9a921cd7fad81437b94e0a068e0d7fafde707fa7
-
SHA256
0e95787dbf6c1a53bc263897540bd3726d323ad5f5a8890b10b18c584157c053
-
SHA512
4b3075349838fbf4f1afbee4c026023e9b519cdecabad171e3a1f07c4ad3063564f0ece3f70535234c9358b3ad9f891655173a90b1c25dde8369d7af187b5db7
-
SSDEEP
49152:X3x6z65bWvJGihDPn1ctlwkYppCyegmnVE:X3665baGQDP1cokYTCykn
Malware Config
Extracted
sendsafe
UNREGISTERED
31.44.184.160:50013
31.44.184.160:50014
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe payload 2 IoCs
Processes:
resource    yara_rule
behavioral1/memory/2164-1-0x0000000000400000-0x00000000005C9000-memory.dmp    sendsafe
behavioral1/memory/2164-2-0x0000000000400000-0x00000000005C9000-memory.dmp    sendsafe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
pid    process
2164    5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
-
Suspicious use of UnmapMainImage 1 IoCs
Processes:
5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe
pid    process
2164    5f987fcd11a8f23f8e588834bb94d45f_JaffaCakes118.exe