Overview

overview

7

Static

static

1

687af4f359...18.exe

windows7-x64

7

687af4f359...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe

  • Size

    755KB

  • MD5

    687af4f35948aaab34f674b1ca5ab150

  • SHA1

    88de84c569823351d6e1ffc21ba6700f0a955d1a

  • SHA256

    2135550530f048bbb061e33498c38808213b0a6504b5e317090d9b67844de009

  • SHA512

    f0a13836c80f3c9d82172aec1109d05c845b7ecaf837d458eb8bb1eb3f005886b91a6ebfefe938b71086c4f7649ddacd1d0f5423d0722dc8998ebe4eac5d7ab9

  • SSDEEP

    12288:aQN20eCofhgVDNuK40ufbN64b6slOJ5B/N2j+aFUnQn53CI2tjyufeKrn:x40eCoJgD8H3T04nARN2H6nQn53lQjyS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\687af4f35948aaab34f674b1ca5ab150_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4152
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 2388
        3⤵
        • Program crash
        PID:3868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 2392
        3⤵
        • Program crash
        PID:4276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 2376
        3⤵
        • Program crash
        PID:1348
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4152 -ip 4152
    1⤵
      PID:4588
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4152 -ip 4152
      1⤵
        PID:4548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4152 -ip 4152
        1⤵
          PID:116

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\setup.exe
          Filesize

          755KB

          MD5

          687af4f35948aaab34f674b1ca5ab150

          SHA1

          88de84c569823351d6e1ffc21ba6700f0a955d1a

          SHA256

          2135550530f048bbb061e33498c38808213b0a6504b5e317090d9b67844de009

          SHA512

          f0a13836c80f3c9d82172aec1109d05c845b7ecaf837d458eb8bb1eb3f005886b91a6ebfefe938b71086c4f7649ddacd1d0f5423d0722dc8998ebe4eac5d7ab9

          Download Submit

        • memory/2344-0-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/2344-1-0x000000000065C000-0x000000000065D000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2344-7-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/4152-8-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/4152-13-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/4152-17-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/4152-23-0x0000000000400000-0x000000000066D000-memory.dmp

          Filesize

          2.4MB

          Download