Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
16/06/2024, 22:10
Static task
static1
Behavioral task
behavioral1
Sample
b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe
-
Size
46KB
-
MD5
b56dd8c2abce8077d62a276e3497ce96
-
SHA1
0e0a3abed79cee281a95233a514d71796ca17d9b
-
SHA256
24071cb5fe9165bf438776aa0c02d8c57745165081d5e0e7feace34819fe7a6a
-
SHA512
ca2d98a32042a23e060e0cd966720db559ea281c5c32910259b41d43f992697a684fe14badab645277b72e11885fcde46a69a47934067e72962be2331faf2ffd
-
SSDEEP
768:MCCn3g/+4o+PW+zbWDLYtlQYqIJgSDqUSz9fkDjhdEzd:MCCn3g/z7/WDLYzZ+USxfkDjhY
Malware Config
Signatures
-
Drops file in System32 directory 7 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\dsound.dll b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\DllCache\dsound.dllvVqWF b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\DllCache\dsound.dll b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\dsound.dllvVqWF b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\dsound.dll.mod b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File created C:\Windows\SysWOW64\dsound.dll.mod b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe File created C:\Windows\SysWOW64\dsound.dllvVqWF b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\system\vVqWF.DRV b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2944 2332 WerFault.exe 27 -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2332 b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2332 wrote to memory of 2944 2332 b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe 28 PID 2332 wrote to memory of 2944 2332 b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe 28 PID 2332 wrote to memory of 2944 2332 b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe 28 PID 2332 wrote to memory of 2944 2332 b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b56dd8c2abce8077d62a276e3497ce96_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 962⤵
- Program crash
PID:2944
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5dc1a5b37b9f5250acfa900b63bae8c67
SHA120a74a918b6fad06bbb4c0e99dc417b8cc579a67
SHA25618bac98e82544f9f3aae55e73255bfdc64cc03b985192bbd7231e95f20b37a1b
SHA512f2c88b5779b7847b46f0a7de3fbf7665a844c111bf273e8c7d3efa7644cffb412c9299eb45bbe0ad7266cc8e458567ef44805cceaebe64bdda18e70577c062ca