1d5850fb2b59b0713bf9c802beca0e534c45660897231396315fd366d03217a8

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
Size

1.3MB
MD5

0753b382d79e6ccb22f9fd435e007ddf
SHA1

30cf7054fef620a9b9fb0c49a2d094404ecd1b56
SHA256

1d5850fb2b59b0713bf9c802beca0e534c45660897231396315fd366d03217a8
SHA512

eab90f9e58349ec7fa57d7a9a15f84a075b9afa0f2deba032c8dcab5cea7a00e35bbca58368679ad22fde9569333d63f81d338bb70b955ffde72f669a1c7d427
SSDEEP

24576:jv8ohqj1elIsQBFhPviKYigyUwqM2qyCQZhHx6QbEFVj3NKrp7ZgKy:z8ogB+gBFhPXDUVX3xdo/NY1Z

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000002328e-12.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
4572	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002328e-12.dat	upx
behavioral2/memory/4572-15-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4572-18-0x0000000010000000-0x0000000010043000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\system\Skin.dll	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
File created	C:\WINDOWS\system\QQ2009.she	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4572	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
4572	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
4572	0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0753b382d79e6ccb22f9fd435e007ddf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Skin.dll

Filesize
98KB

MD5
4e70aa97f22995853da109a2a05b1335

SHA1
16d243efe827436907a65aeafcd02312960225a0

SHA256
ee59d2fd30511ce7611a4a229610584a52678d9423f41c23e2aaae56b211bd4f

SHA512
1aed4011fcbb0eabc14d236d0aea4b54e33d02365777196ceb22d84aaf4de7469bda0f5d124bd022c3c1c3748cd6467008cef0de1f0f025e7a324fbc7152854e

Download Submit
memory/4572-9-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-6-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-2-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-3-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-0-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-1-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-4-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-7-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-8-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-5-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-15-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4572-18-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4572-17-0x000000001000A000-0x000000001000B000-memory.dmp

Filesize
4KB

Download
memory/4572-19-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-21-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download
memory/4572-23-0x0000000000400000-0x00000000006E1000-memory.dmp

Filesize
2.9MB

Download