Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 17-06-2024 20:01

Behavioral task: behavioral1
- Sample: b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe
- Resource: win7-20240221-en
- 3 signatures
- 150 seconds
General
- Target: b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe
- Size: 476KB
- MD5: b9c66de119f83e863a49e8903969441a
- SHA1: 49773d5e60480274663094820e17e6057a47cea5
- SHA256: 78f740d60cc2b3b7200fc3fc7395e1a9c03cb373cea633ffa95d1591b94846c7
- SHA512: 18e89dcce4429b89613c34c090da7edb96c715874aca36b279a510ca236478760e034507d93f9212f49b1aaf7e7e5185c7175a9990d3260b69d55af84bbce3d2
- SSDEEP: 6144:LqXAoQT5Tr9R0HN/3w36EnCYLTcz6MY5NYnE/QhyjxJBErrZAWkPW5oeNtLjpK:mQRI/3w36EnCYcFE/iydJai/WZtU
Malware Config
Extracted
- Family: urelas
- C2:
  - 1.234.83.146
  - 133.242.129.155
  - 218.54.31.226
  - 218.54.30.235
  - 218.54.31.165
Signatures
- Program crash (1 IoC)
  Processes:
  pid  | pid_target | process      | target process
  2000 | 1952       | WerFault.exe | b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description                          | pid  | process                                              | target process
  PID 1952 wrote to memory of 2000     | 1952 | b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe | WerFault.exe
  PID 1952 wrote to memory of 2000     | 1952 | b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe | WerFault.exe
  PID 1952 wrote to memory of 2000     | 1952 | b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe | WerFault.exe
  PID 1952 wrote to memory of 2000     | 1952 | b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe | WerFault.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b9c66de119f83e863a49e8903969441a_JaffaCakes118.exe"
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 164
    - Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
- memory/1952-0-0x0000000000FF0000-0x000000000106F000-memory.dmp (Filesize: 508KB)