Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 09:14
Static task: static1
Behavioral task: behavioral1
  Sample: 66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe
Size: 2.0MB
MD5: 66c2ce11b3636ee5f3ed0192f50ee19d
SHA1: 2afa665e2d4c2638cdede1ea2e9927ef8f9c4b58
SHA256: cd835337d63770d64b22847ce303efbeeeae7e08b9894e20d71632bc828b139c
SHA512: ec0fff72e69dc2e23a926013edd1fcaeab3afa06f3db6ba983ed1e86f081b3190b89975d7f39c567b2868236c87b1615be85edbae374119efb0e9d1ed345cb06
SSDEEP: 49152:vKKzKtoceRyBrtvVfMe401oLpUOvys5Oj:vHK2o9z40ClUOvyV
Malware Config
Extracted
sendsafe
UNREGISTERED
91.220.131.94:50023
91.220.131.94:50024
service_name: Enterprise Mailing Service
Signatures
SendSafe payload 5 IoCs
resource                                                            yara_rule
behavioral2/memory/4788-7-0x0000000000400000-0x0000000000607000-memory.dmp   sendsafe
behavioral2/memory/4788-6-0x0000000000400000-0x0000000000607000-memory.dmp   sendsafe
behavioral2/memory/4788-5-0x0000000000400000-0x0000000000607000-memory.dmp   sendsafe
behavioral2/memory/4788-3-0x0000000000400000-0x0000000000607000-memory.dmp   sendsafe
behavioral2/memory/4788-10-0x0000000000400000-0x0000000000607000-memory.dmp  sendsafe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: 66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe
pid   process
4788  66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe
4788  66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118.exe