ebc8f263fd5391bc0352af40b7859b093742fe27a5bb7f90e6a55fd12667a2f0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 00:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118.exe
Size

1.8MB
MD5

7742ea51a7d42c24c8f14486e0f8ea33
SHA1

9d5344689db9de4f447fc0bafc2d652c278a4871
SHA256

ebc8f263fd5391bc0352af40b7859b093742fe27a5bb7f90e6a55fd12667a2f0
SHA512

3c434d87aeeefb9166a3aed76a00a28e2d443f17c9b70a4e83df7743a92f98bf0bababfab96ddee7c287205fd2ac4598c252373a741389def5ad912d72e58a87
SSDEEP

49152:WVd8xZGhCHCdUBlcYiVz4+AH/jDkMVcbnuVNiDO5r3hzKMA:5ZGh2GUEV/RGcDuVwDO5rx2M

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/3000-40-0x0000000000400000-0x00000000007B7000-memory.dmp	vmprotect
behavioral1/memory/3000-39-0x0000000000400000-0x00000000007B7000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3000	7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118.exe
3000	7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7742ea51a7d42c24c8f14486e0f8ea33_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3000-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3000-34-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/3000-32-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/3000-40-0x0000000000400000-0x00000000007B7000-memory.dmp

Filesize
3.7MB

Download
memory/3000-39-0x0000000000400000-0x00000000007B7000-memory.dmp

Filesize
3.7MB

Download
memory/3000-30-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/3000-29-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/3000-27-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/3000-24-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/3000-22-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/3000-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/3000-17-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/3000-14-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/3000-12-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/3000-9-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3000-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3000-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3000-37-0x0000000000426000-0x00000000005EE000-memory.dmp

Filesize
1.8MB

Download
memory/3000-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3000-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3000-41-0x0000000002660000-0x00000000026A4000-memory.dmp

Filesize
272KB

Download
memory/3000-42-0x0000000004BB0000-0x0000000004BF4000-memory.dmp

Filesize
272KB

Download