Overview

overview

7

Static

static

3

05970baff4...18.exe

windows7-x64

7

05970baff4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05970baff4b605cac3ca13bb646a5ee9_JaffaCakes118.exe

  • Size

    232KB

  • MD5

    05970baff4b605cac3ca13bb646a5ee9

  • SHA1

    4856601101feac83abd1f9b2e74cc13605ba66e3

  • SHA256

    89c1c950b60e0d4dedf3abc49ee112881749d188a195096a1d9798c283b3af5a

  • SHA512

    e5bb9be2129ea3f8248ef23a768d2cc6c3c0f2ee93ea9f70c9034367b307ee1c9e360209183b1fbe0ce2b490ce9a09581e6a31e5aa68586a8f3e19efc4c6a4a4

  • SSDEEP

    6144:QWONNb/ZAGrU4poomHg1j1VqoFh298acarOAFrExSVJBLk:Q5rtAGQbA1Jh298aqAFAxSV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05970baff4b605cac3ca13bb646a5ee9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\05970baff4b605cac3ca13bb646a5ee9_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4480
    • \??\c:\windows\SysWOW64\tasklist32.exe
      c:\windows\system32\tasklist32.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3856
      • \??\c:\windows\SysWOW64\tasklist32.exe
        c:\windows\system32\tasklist32.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\tasklist32.exe
    Filesize

    232KB

    MD5

    05970baff4b605cac3ca13bb646a5ee9

    SHA1

    4856601101feac83abd1f9b2e74cc13605ba66e3

    SHA256

    89c1c950b60e0d4dedf3abc49ee112881749d188a195096a1d9798c283b3af5a

    SHA512

    e5bb9be2129ea3f8248ef23a768d2cc6c3c0f2ee93ea9f70c9034367b307ee1c9e360209183b1fbe0ce2b490ce9a09581e6a31e5aa68586a8f3e19efc4c6a4a4

    Download Submit

  • memory/1232-16-0x0000000074DA0000-0x0000000074EFD000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1232-17-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/1232-18-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1232-22-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/3856-11-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3856-10-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/3856-12-0x0000000074DA0000-0x0000000074EFD000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3856-24-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/3856-26-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4480-2-0x0000000074DA0000-0x0000000074EFD000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4480-0-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4480-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4480-23-0x0000000000400000-0x0000000000814000-memory.dmp

    Filesize

    4.1MB

    Download