Overview

overview

8

Static

static

7

0dab332047...18.exe

windows7-x64

8

0dab332047...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 10:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0dab33204721f5f91dbbe561a56178eb_JaffaCakes118.exe

  • Size

    776KB

  • MD5

    0dab33204721f5f91dbbe561a56178eb

  • SHA1

    94e65b87e818e2358198c472d942785d18010968

  • SHA256

    5b65e4a70ff387b02795174a5530cf9819b4bcf3d886500d3e479498c45263cb

  • SHA512

    1aa3a39467137897ff9cefeaa475ece71e95192ed90d9e4aba3d347d134e831dfa84164ef075e217fc9efc0da768c3594a7c371b2fb4e990d71a25f7c82abfac

  • SSDEEP

    12288:KYp964scY6gOOjvS6tLTHDWKUJdz1a9loyRqvF7vSSl+AegMCIo9KQ:R82gJPx8JdE9lold6LgMCI

Score
8/10
vmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dab33204721f5f91dbbe561a56178eb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0dab33204721f5f91dbbe561a56178eb_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of SetWindowsHookEx
    PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\drivers\etc\hosts
    Filesize

    4KB

    MD5

    e02bdc9f9f88b9dd419576ede47da279

    SHA1

    05c0be576a4cd4a343014fb0560270011539376c

    SHA256

    fb8778260ce48026bca77b082f72dee36e014fa7017004141055d6e248fe8ba2

    SHA512

    ff1882cf4de663267826c04d404e82db597b805eb0b8923db927bbd64b1d06043579acaeeb26217ab1efe11c1ebfda9d40cb00331c96c0197854527aa7e7f285

    Download Submit

  • memory/1280-0-0x0000000000400000-0x0000000000624000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1280-1-0x0000000000400000-0x0000000000624000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1280-1488-0x0000000000400000-0x0000000000624000-memory.dmp

    Filesize

    2.1MB

    Download