Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
27-06-2024 22:24
Behavioral task
behavioral1
Sample
17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe
Resource
win7-20240221-en
4 signatures
150 seconds
General
-
Target
17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe
-
Size
857KB
-
MD5
17c070c8fbd2c94921420f66888c6dbc
-
SHA1
da023efa6012d256ff5c9b82c9f1c6face3dea51
-
SHA256
1234deea6f6da63ae88da1c36508f34df924e8ed1410d9b410eec38b9d669f88
-
SHA512
206f32e66daf4045c9c50c6038226f972868d01bab014a2bdf879bc55b58ab7d6a5eadebbd051331ca3310b7c7c923c8b672509aacd3f982e90c674eec3b73ad
-
SSDEEP
12288:qmoG6rEf/zmY4a72PDsw2TBftcJJN+6CS9DJmHc4hL+yZXlZnMG:qNw/zL4G2PenYJNxJmNBZ
Score
7/10
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral1/memory/2252-0-0x0000000000400000-0x00000000004D6000-memory.dmp aspack_v212_v242 behavioral1/memory/2252-3-0x0000000000400000-0x00000000004D6000-memory.dmp aspack_v212_v242 -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2128 2252 WerFault.exe 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exepid process 2252 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exedescription pid process target process PID 2252 wrote to memory of 2128 2252 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe WerFault.exe PID 2252 wrote to memory of 2128 2252 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe WerFault.exe PID 2252 wrote to memory of 2128 2252 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe WerFault.exe PID 2252 wrote to memory of 2128 2252 17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\17c070c8fbd2c94921420f66888c6dbc_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 1882⤵
- Program crash