Analysis
-
max time kernel
141s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
20-05-2024 18:07
Static task
static1
Behavioral task
behavioral1
Sample
6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
-
Size
1.8MB
-
MD5
6079f2d16be35cd6aa4d6225d6d61dd5
-
SHA1
c47b3d3936041acfb2069a883ea25a8d17b976ef
-
SHA256
f714d214cbc968eabb697e2a63427ae7cfa86a358c0e80da0e887bbaf33b0245
-
SHA512
c4c04947d45307b8d17c7eae8ff28da6e02de198791708767bb03c82a0207d529a7e34d97b01ab2ebc4678f1a32b212d17ee47f91a03ac1da47511e2b2296d50
-
SSDEEP
49152:rEOYCOyarEdD8YPujyuAJhqDI0quQql3DnxN:slyacIAuyJhqEEQql3t
Malware Config
Extracted
sendsafe
UNREGISTERED
31.184.198.249:50003
31.184.198.249:50004
-
service_name
Enterprise Mailing Service
Signatures
-
SendSafe payload 2 IoCs
Processes:
resource yara_rule
behavioral1/memory/2660-1-0x0000000000400000-0x00000000005C9000-memory.dmp sendsafe
behavioral1/memory/2660-2-0x0000000000400000-0x00000000005C9000-memory.dmp sendsafe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
pid process
2660 6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe -
Suspicious use of UnmapMainImage 1 IoCs
Processes:
6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe
pid process
2660 6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118.exe