d43b78152d20601a885fa81a13533b98354c4d36738b15b68a50a8527afc84d1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
17-06-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
Size

6.8MB
MD5

b7cc2b97b742acf8c8fc7a40a27dd494
SHA1

33d210ad8d34eb51576bb5147dd1f0b95a224776
SHA256

d43b78152d20601a885fa81a13533b98354c4d36738b15b68a50a8527afc84d1
SHA512

008bd57c25a7cf4219a944e007c9b9f6ba37a14b27859d00b65e1d9ac9b961946c2fb8cec36219cd2d24865f33467b7b4f189ee104dbe75db9b8f6af39767389
SSDEEP

196608:C4yhfT4dSj0VVAr3I3aXZ7Ro9eeyAuzfA:C46T4UjaKl5FRAu0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 7 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2208-40-0x0000000000400000-0x0000000001277000-memory.dmp	vmprotect
behavioral1/memory/2208-39-0x0000000000400000-0x0000000001277000-memory.dmp	vmprotect
behavioral1/memory/2208-41-0x0000000003450000-0x000000000361D000-memory.dmp	vmprotect
behavioral1/memory/2208-47-0x0000000000400000-0x0000000001277000-memory.dmp	vmprotect
behavioral1/memory/2208-43-0x0000000003450000-0x000000000361D000-memory.dmp	vmprotect
behavioral1/memory/2208-48-0x0000000000400000-0x0000000001277000-memory.dmp	vmprotect
behavioral1/memory/2208-49-0x0000000000400000-0x0000000001277000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
2208	b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b7cc2b97b742acf8c8fc7a40a27dd494_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2208-0-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2208-4-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2208-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2208-7-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2208-9-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2208-36-0x00000000007FF000-0x0000000000BB5000-memory.dmp

Filesize
3.7MB

Download
memory/2208-34-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2208-32-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2208-30-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2208-29-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2208-27-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2208-24-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2208-22-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2208-19-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2208-17-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2208-14-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2208-12-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2208-40-0x0000000000400000-0x0000000001277000-memory.dmp

Filesize
14.5MB

Download
memory/2208-39-0x0000000000400000-0x0000000001277000-memory.dmp

Filesize
14.5MB

Download
memory/2208-41-0x0000000003450000-0x000000000361D000-memory.dmp

Filesize
1.8MB

Download
memory/2208-47-0x0000000000400000-0x0000000001277000-memory.dmp

Filesize
14.5MB

Download
memory/2208-43-0x0000000003450000-0x000000000361D000-memory.dmp

Filesize
1.8MB

Download
memory/2208-48-0x0000000000400000-0x0000000001277000-memory.dmp

Filesize
14.5MB

Download
memory/2208-49-0x0000000000400000-0x0000000001277000-memory.dmp

Filesize
14.5MB

Download