Analysis

max time kernel: 149s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/06/2024, 12:01
Static task: static1

Behavioral task: behavioral1
  Sample: 05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General

Target: 05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
Size: 76KB
MD5: 05cdfb4b706fb9cd7d6a7bda1c914e2f
SHA1: 600b39263330c0540663258a90b80e969a66b51a
SHA256: be9f21483d3992e06ab32dd76b07f33efa28e5fd58c3e2028918cef7bbd5ecbf
SHA512: 88d8361445503f7699ac6a0cdc1246abbb06071b58fb9380ec00ab8daf4a1961fafec9140c6f54981a27d4d8d0a786d841449406f5eeba481b9761ad3e6f1447
SSDEEP: 1536:/WCxNHViTUuhH+HnqqXznnGIu8X+o+2K:XLHViwuheHnqYjGIu84
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  pid    Process
  452    servicesc.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid    Process
  452    servicesc.exe    (the same pid/process pair is reported for all 64 IoCs)

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid    Process
  3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  452    servicesc.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid    Process                                               procid_target
  PID 3532 wrote to memory of 60     3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    83
  PID 3532 wrote to memory of 60     3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    83
  PID 3532 wrote to memory of 60     3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    83
  PID 3532 wrote to memory of 452    3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    85
  PID 3532 wrote to memory of 452    3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    85
  PID 3532 wrote to memory of 452    3532   05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe    85
Processes

C:\Users\Admin\AppData\Local\Temp\05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe"
  PID: 3532
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\reg.exe
    Command line: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" /v wavemapper /t reg_sz /d "msaom32.drv" /f
    PID: 60

  C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\servicesc.exe 05cdfb4b706fb9cd7d6a7bda1c914e2f_JaffaCakes118.exe
    PID: 452
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 32KB
MD5: 9c0c3f36050671fd62bbc9fb99c96113
SHA1: 0722154e81a065baebd42df01b451f1b25e7e217
SHA256: d6fffe4e441dbb09c864a308a5606d38b9f0f6e5d51eb944b111229118433a96
SHA512: bb28a9d8e990e977630e3c42daee6d31274ce3006258bf902b7c3902f422090e2f168d109a195f0e58b5c96fd5a61f17440c7d5370d90e4cb99d9f4b8f7070dc