Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 13:38

General

  • Target

    067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe

  • Size

    21KB

  • MD5

    067eb3b71b1641fd7c3cf19ad9e4e23d

  • SHA1

    fa70d8887e1a6fb41ac99b556790992072efbeba

  • SHA256

    402a0477efb344d75e835ab7a5b5065ff47dcc78db9ec1f62187c2d20f1db298

  • SHA512

    9ddd508be44d1c569f74c7c9db85749915445f8ea96da299927130805fb047bd9aedc7efdb3d1585a45968ddfcc6e2b9686bc16a48357570175e02be9921bf13

  • SSDEEP

    384:0SVgRHs4s0+VkGsqnqn/SZ7HnHzJhZy+i0WSjw861zGcuTRGVzZ:xmUZbnTJ/Wg6kcuTkVzZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\067eb3b71b1641fd7c3cf19ad9e4e23d_JaffaCakes118.exe"
      2⤵
        PID:2272

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp641E.tmp
    Filesize: 3KB
    MD5: 35e8eed0a655e797fcad6f9c04d30f5f
    SHA1: b5f221b68d6fc34d4eed72eefb1e183f4c99f048
    SHA256: a91c9e27f0ef8ee870ff0cfcdb6550bc3896ed08d5f8706a12f9fda63dbe72ff
    SHA512: ac699f304935289b41bbb89eb3b551824f31e965e50f005cf4cb2f0ffa9a8e666f0271ef64a1113662b1ddc33b21b378514171922fad9805aa9958ce6860c6f6

  • C:\Windows\SysWOW64\gddhi32.dll
    Filesize: 17KB
    MD5: 0becf634be427d739c8e57885e9d38fd
    SHA1: 8c8b9a818b9c1d14e0696c1e6f4876327fe52dc5
    SHA256: 8ab452a7b71bc4e1d8cae2a72d0cb72682798e24eb281dcf096a4ddfc01d7ff7
    SHA512: f7a7af2db0b766a88192c46a8d6ee19f21c58626cacafc05ed937a50b59a4673b0d957ca6e8b1a9b0c141a781b94c4925285161570a453ddabeb047bab28c90e

  • C:\name.log
    Filesize: 58B
    MD5: 5602febf87bd4c535da2d4e90f56e52b
    SHA1: e563ac3a277e614480525dc60061a06afe1a0419
    SHA256: 569f5ce34e8e491d1b425b57cc90c1463d72eb531983727557802b17c148486b
    SHA512: b0e8186706e004b800f3e554171c2a3d8c7391b5d0ba8694380fdfdd12fb09330033a1af29bdc8898a09fabad611aaa98e3deb51d2e4d6e1e0d524b673eddb0f

  • memory/5108-8-0x0000000025000000-0x0000000025022000-memory.dmp
    Filesize: 136KB

  • memory/5108-993-0x0000000025000000-0x0000000025022000-memory.dmp
    Filesize: 136KB