1d5850fb2b59b0713bf9c802beca0e534c45660897231396315fd366d03217a8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
Size

1.3MB
MD5

0753b382d79e6ccb22f9fd435e007ddf
SHA1

30cf7054fef620a9b9fb0c49a2d094404ecd1b56
SHA256

1d5850fb2b59b0713bf9c802beca0e534c45660897231396315fd366d03217a8
SHA512

eab90f9e58349ec7fa57d7a9a15f84a075b9afa0f2deba032c8dcab5cea7a00e35bbca58368679ad22fde9569333d63f81d338bb70b955ffde72f669a1c7d427
SSDEEP

24576:jv8ohqj1elIsQBFhPviKYigyUwqM2qyCQZhHx6QbEFVj3NKrp7ZgKy:z8ogB+gBFhPXDUVX3xdo/NY1Z

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000c00000001342e-12.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2284	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c00000001342e-12.dat	upx
behavioral1/memory/2284-14-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/2284-17-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/2284-20-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/2284-19-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/2284-18-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/2284-23-0x0000000010000000-0x0000000010043000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\system\Skin.dll	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
File created	C:\WINDOWS\system\QQ2009.she	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2284	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
2284	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
2284	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\system\Skin.dll

Filesize
98KB

MD5
4e70aa97f22995853da109a2a05b1335

SHA1
16d243efe827436907a65aeafcd02312960225a0

SHA256
ee59d2fd30511ce7611a4a229610584a52678d9423f41c23e2aaae56b211bd4f

SHA512
1aed4011fcbb0eabc14d236d0aea4b54e33d02365777196ceb22d84aaf4de7469bda0f5d124bd022c3c1c3748cd6467008cef0de1f0f025e7a324fbc7152854e

Download Submit
memory/2284-9-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-3-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-1-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-6-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-0-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-8-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-7-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-5-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-2-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-4-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-15-0x000000001000A000-0x000000001000B000-memory.dmp

Filesize
4KB

Download
memory/2284-17-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-14-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-20-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-19-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-18-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-21-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-23-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2284-30-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/2284-32-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download