Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/06/2024, 13:38
Static task: static1
Behavioral task: behavioral1
- Sample: 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
- Size: 21KB
- MD5: 067eb3b71b1641fd7c3cf19ad9e4e23d
- SHA1: fa70d8887e1a6fb41ac99b556790992072efbeba
- SHA256: 402a0477efb344d75e835ab7a5b5065ff47dcc78db9ec1f62187c2d20f1db298
- SHA512: 9ddd508be44d1c569f74c7c9db85749915445f8ea96da299927130805fb047bd9aedc7efdb3d1585a45968ddfcc6e2b9686bc16a48357570175e02be9921bf13
- SSDEEP: 384:0SVgRHs4s0+VkGsqnqn/SZ7HnHzJhZy+i0WSjw861zGcuTRGVzZ:xmUZbnTJ/Wg6kcuTkVzZ
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid 5108, process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
- Drops file in System32 directory (4 IoCs)
  File opened for modification: C:\Windows\SysWOW64\gddhi32.dll (process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe)
  File created: C:\Windows\SysWOW64\gddhi32.dll (process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe)
  File created: C:\Windows\SysWOW64\HookHelp.sys (process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe)
  File opened for modification: C:\Windows\SysWOW64\gddhi32.cfg (process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 5108, process 067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe (2 identical entries)
- Suspicious behavior: LoadsDriver (64 IoCs)
  pid 676, process "Process not Found" (64 identical entries)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 5108 (067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe) wrote to memory of PID 2272, procid_target 85 (3 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe"
   - Loads dropped DLL
   - Drops file in System32 directory
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   PID: 5108
   2. C:\Windows\SysWOW64\cmd.exe (child of PID 5108)
      Command line: C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe"
      PID: 2272
Network
MITRE ATT&CK Matrix
Downloads
- File 1
  Filesize: 3KB
  MD5: 35e8eed0a655e797fcad6f9c04d30f5f
  SHA1: b5f221b68d6fc34d4eed72eefb1e183f4c99f048
  SHA256: a91c9e27f0ef8ee870ff0cfcdb6550bc3896ed08d5f8706a12f9fda63dbe72ff
  SHA512: ac699f304935289b41bbb89eb3b551824f31e965e50f005cf4cb2f0ffa9a8e666f0271ef64a1113662b1ddc33b21b378514171922fad9805aa9958ce6860c6f6
- File 2
  Filesize: 17KB
  MD5: 0becf634be427d739c8e57885e9d38fd
  SHA1: 8c8b9a818b9c1d14e0696c1e6f4876327fe52dc5
  SHA256: 8ab452a7b71bc4e1d8cae2a72d0cb72682798e24eb281dcf096a4ddfc01d7ff7
  SHA512: f7a7af2db0b766a88192c46a8d6ee19f21c58626cacafc05ed937a50b59a4673b0d957ca6e8b1a9b0c141a781b94c4925285161570a453ddabeb047bab28c90e
- File 3
  Filesize: 58B
  MD5: 5602febf87bd4c535da2d4e90f56e52b
  SHA1: e563ac3a277e614480525dc60061a06afe1a0419
  SHA256: 569f5ce34e8e491d1b425b57cc90c1463d72eb531983727557802b17c148486b
  SHA512: b0e8186706e004b800f3e554171c2a3d8c7391b5d0ba8694380fdfdd12fb09330033a1af29bdc8898a09fabad611aaa98e3deb51d2e4d6e1e0d524b673eddb0f