Overview

overview

7

Static

static

3

0bc845420d...18.exe

windows7-x64

7

0bc845420d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    57s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bc845420dfe863b6a0d1531005d9bc3_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    0bc845420dfe863b6a0d1531005d9bc3

  • SHA1

    636b063526aa2b17d226ae2e16e8e32c68261efa

  • SHA256

    836590dcc235eae9e349d66fed9db1b6efe8a1795e779176e904e23bcda575a8

  • SHA512

    01a2fd98bad0aa3ae060e266e998538fc9fdabc25776fb008ecc8bf06970ff5bf5de6002106c36979f2f39a4efc2b6a20e1d607a49fca282405942fbc7b8da67

  • SSDEEP

    24576:0SU65gZxLNjajuoLjf0Zf0T+uiYQn9PWKJ5vZUTBlQoajr6vr9:pPgDLICo/f0Zf0tiYQnkM5vOfMK9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bc845420dfe863b6a0d1531005d9bc3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0bc845420dfe863b6a0d1531005d9bc3_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7947.tmp
    Filesize

    378B

    MD5

    f3dd7684f7c28a32bdd4e5a8dfcdacf4

    SHA1

    2b79d99852c31c8ad4e4f92be641691cfc4e287d

    SHA256

    54f3a8745e705f5d1fc00e67db97b912c745ee47089b5f95ba99d8b8bd61947a

    SHA512

    46db4c553d3688902bc0e1f4b9204a080989e4c0e98befd14151bbb7844a9bd709fcbc08fd0b0efecc17150bd054ca64f81ca0d6f680b8c3625910edde7b77ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\temp01.dll
    Filesize

    40KB

    MD5

    e0d350836bfdb31322210f5823dcb9de

    SHA1

    b3e0ac9ac16a1a3b3a66c47509218c2e98fccd1a

    SHA256

    8dea6a462fdf0a6127e646151c4c1e51b649e6b50abe5ac1ffb5ca65fca0a50c

    SHA512

    8c7adf84c9c338d5d1d84ceed10847076ba908a2a466e7cf0781349b1a5916e17001725b3e1aab68ecf4f279db2de2cd3e3b0172cc042d21392bac668195a8d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yec.dll
    Filesize

    48KB

    MD5

    3f2532ea6180626395b2006ffedf7fca

    SHA1

    6634801e48a16c1c40cde9ce4cf4080984251f21

    SHA256

    0175158308879005dbb4db2bcccd4459bfbbe8a7669a6485754eeaec637ea930

    SHA512

    85fa904de2bb73b04daed671b5d58aad683600ed3e41494aeee5bdf9243408031d32628a741caff4df855e39c72d4cc9d8440e79dd69139b1cf9e3ea59676502

    Download Submit

  • memory/3156-81-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-83-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-78-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-79-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-80-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-76-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-82-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-77-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-84-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-85-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-86-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-87-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-88-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3156-89-0x0000000000400000-0x00000000005B7000-memory.dmp

    Filesize

    1.7MB

    Download