Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    27-06-2024 22:24

General

  • Target

    17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe

  • Size

    857KB

  • MD5

    17c070c8fbd2c94921420f66888c6dbc

  • SHA1

    da023efa6012d256ff5c9b82c9f1c6face3dea51

  • SHA256

    1234deea6f6da63ae88da1c36508f34df924e8ed1410d9b410eec38b9d669f88

  • SHA512

    206f32e66daf4045c9c50c6038226f972868d01bab014a2bdf879bc55b58ab7d6a5eadebbd051331ca3310b7c7c923c8b672509aacd3f982e90c674eec3b73ad

  • SSDEEP

    12288:qmoG6rEf/zmY4a72PDsw2TBftcJJN+6CS9DJmHc4hL+yZXlZnMG:qNw/zL4G2PenYJNxJmNBZ

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 188
      2⤵
      • Program crash
      PID:2128

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2252-0-0x0000000000400000-0x00000000004D6000-memory.dmp
    Filesize

    856KB

  • memory/2252-3-0x0000000000400000-0x00000000004D6000-memory.dmp
    Filesize

    856KB