Overview

overview

7

Static

static

3

0849994b83...18.exe

windows7-x64

7

0849994b83...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0849994b83eb44b41f4b1331a2783baf_JaffaCakes118.exe

  • Size

    380KB

  • MD5

    0849994b83eb44b41f4b1331a2783baf

  • SHA1

    623d0daf84640300dbaa7417fff44433948e0677

  • SHA256

    d5a53ee176f5f5e0e7c4514881dc37f4c319d95587a85bb1cc602db8dc7bbbc6

  • SHA512

    ecd4b8c1c0c14e26e18bf7df75e54fb8c51cf2b2d9a3b972cdf92f0c3a131768fbd326d40dcaa8484ba63e6fc0f7815945ff4ba96968b8bb392e81f07295de3d

  • SSDEEP

    6144:vuZBS2uyqr1wyWLDtc986QMAXuXlncZ4oITX+6f2nnxv5XOgpbAAdNOZ+:xt1WLDsDpdBQeqnHOnYO

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0849994b83eb44b41f4b1331a2783baf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0849994b83eb44b41f4b1331a2783baf_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Users\Admin\AppData\Local\Temp\0849994b83eb44b41f4b1331a2783baf_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\0849994b83eb44b41f4b1331a2783baf_JaffaCakes118.exe
      2⤵
        PID:9320

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1.84\cd.dll
      Filesize

      52KB

      MD5

      11604a1af886bd4cf428b98d86e2f8e1

      SHA1

      93aa72a76687b1ea8d0caa2b7f1ae219a6f1f1a5

      SHA256

      104ab0e5a4a923dba8baaac76cb8e063508ddb7e758d36875e676a483dce4435

      SHA512

      8e0406620f899458061a1fa3af36d3c82393587bb5eedfd619e71cf2e6563966689d20461e412f813a4dfe9d7429982e7e3c50e426608e5b55e4737fac27bf76

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.84\le.dll
      Filesize

      84KB

      MD5

      c97142d412ed7824db552f43e5fc3446

      SHA1

      9f0b55e0aeb9e1a6704f39d483ec793ebd532360

      SHA256

      bff36dfa67d3f94b15d668ac8aa98ccfd754c51954717b7a6a1cd98090c69d28

      SHA512

      f36d7bee8660ff828648f28f02205c121e460cbf894132f55d3269c0de11864b67d6796aa4c44aefb0cc2ed1f5b955d7e41a7a51c8e93e33f7782523713e29d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.84\lri.dll
      Filesize

      80KB

      MD5

      645ca36178b2796083e0935b004abe7a

      SHA1

      84678b186116ec1601beaa5031b711a50909cfaa

      SHA256

      c04d4ed9c71a63af0ba505a5092a0c518d1b41de781febd13c19d214428cd0a7

      SHA512

      7a7284e20b78e682f9c1fe0400575eddf69847809d3e6171e2974cd51ccc06a0a84f5b0116fa809b556b10610ecff91b1b1759b1684b9e702b52cbbc2c60f013

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.84\lz.dll
      Filesize

      32KB

      MD5

      bdf4f5e4505e88e30aaf7eb1290ab4ca

      SHA1

      cd9bba6bbe76542fea9a9106fdcefc6ed980a892

      SHA256

      c4b24591744d3924d9d80fe5ef60a4ccf2c9ea63a89f8cf68732e27e03ee6225

      SHA512

      ae4cbae323feda3fe34775e32ed5aeebcd30169a7813e9d33accd2e77f1a9f11c22386a1dc210c132cc5415b346dbbfb5470a6f55c4c07ad087a1a1dafa3c922

      Download Submit

    • memory/3408-2540-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-5869-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-25-0x0000000000700000-0x0000000000715000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-21-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-1146-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-1403-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-1-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3408-3678-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-4157-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-29-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-8682-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-7592-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-9648-0x0000000010000000-0x0000000010015000-memory.dmp

      Filesize

      84KB

      Download

    • memory/3408-9647-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3408-9652-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

      Download

    • memory/9320-9651-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/9320-9649-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download