Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    16/06/2024, 22:10

General

  • Target

    b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe

  • Size

    46KB

  • MD5

    b56dd8c2abce8077d62a276e3497ce96

  • SHA1

    0e0a3abed79cee281a95233a514d71796ca17d9b

  • SHA256

    24071cb5fe9165bf438776aa0c02d8c57745165081d5e0e7feace34819fe7a6a

  • SHA512

    ca2d98a32042a23e060e0cd966720db559ea281c5c32910259b41d43f992697a684fe14badab645277b72e11885fcde46a69a47934067e72962be2331faf2ffd

  • SSDEEP

    768:MCCn3g/+4o+PW+zbWDLYtlQYqIJgSDqUSz9fkDjhdEzd:MCCn3g/z7/WDLYzZ+USxfkDjhY

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 96
      • Program crash
      PID:2944

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\vVqWF.DRV

    Filesize

    32KB

    MD5

    dc1a5b37b9f5250acfa900b63bae8c67

    SHA1

    20a74a918b6fad06bbb4c0e99dc417b8cc579a67

    SHA256

    18bac98e82544f9f3aae55e73255bfdc64cc03b985192bbd7231e95f20b37a1b

    SHA512

    f2c88b5779b7847b46f0a7de3fbf7665a844c111bf273e8c7d3efa7644cffb412c9299eb45bbe0ad7266cc8e458567ef44805cceaebe64bdda18e70577c062ca