Overview

overview

7

Static

static

3

1934780c2e...18.exe

windows7-x64

7

1934780c2e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1934780c2efc80f4f7481b3627ca6ba8_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    1934780c2efc80f4f7481b3627ca6ba8

  • SHA1

    810918b3c69efc7d9c70850f666a36c9c804cc6e

  • SHA256

    989fbf2769ee5e3b7606f61f0e3a6a3023267bd924981d2682bd78d849d64ddc

  • SHA512

    2909026d1bbc48e9a714b3de1dfbd63b40d58d3b5e071cb5eff7f0f4d6fafb706e34908228d4a81aa0c3f3b99a6e6db76476fc4bffbbf18e66bf15958f72fff4

  • SSDEEP

    49152:khA4gc2fHCVaBv731hRYe8vw70BrK4CEQH1oZh9IrNb:AgJfiERxyvn7A1oyhb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1934780c2efc80f4f7481b3627ca6ba8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1934780c2efc80f4f7481b3627ca6ba8_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:3016
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E_N4\com.run
      Filesize

      260KB

      MD5

      7ca7d519d830ef1d9bc227c87e1cb576

      SHA1

      a8885e989e619e712a7637d00567dd7f0473b124

      SHA256

      ddd9c7b31401d3d7f6e5a61b5f1fbafd02c10caca4c29b473be2aaa092d79876

      SHA512

      523301d7086f1c60ac66356eab68b84fbba65d7dde71a9b4ec1f46be9866b29cbe0878d958de4b1197fd08a343cfa2bae4ce42e895d172e4b0887f2db1d472f2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\eSocket.fne
      Filesize

      164KB

      MD5

      fd4c44aaf7f155bd6f9932530572a110

      SHA1

      0e81408a9e4203354652fd64df388e340a2ca837

      SHA256

      571e173336fd8cae8cb68ee867d1957cd8d03c7b1ddc17b51862c9d6a8d76126

      SHA512

      44b9e2c5afb1e99989c6abccff392ae63d32f003107bd3342012f417cba63489fb7453ac007885d4a71f5e2a617fb1ebc6dd2b1e62d82782efd698019aecf1f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\jedi.fne
      Filesize

      1007KB

      MD5

      d7f30abb51b9962e4e42ed4848189012

      SHA1

      3a4ec749b6dfb02148e8990ff3a271153c633a08

      SHA256

      ba10755fddf6ff3212a6d9351e54304e3308ba1119eabacfc9f5bd8c00350bbd

      SHA512

      e81f337db46e91b0097252b58b5105fe6d99c41e4d8da4b7baf512acbc3d74fe49dad21ec0509f10d3dcad231e8558bacc4b5b7635aeec13bf78ef0479df0e35

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
      Filesize

      1.0MB

      MD5

      dde0681ba7a02bbb1c9b756af7e53fd2

      SHA1

      eb1310a5848614d89e71e76bf6beee497a068017

      SHA256

      f1efcaa3a7b5bf98819ec0076984f4af595d595c2553f4eec454e6d96f2bf080

      SHA512

      1f9892ea5727159e7f0ec836dac78bd6923f7b803e5f39113a14c27b4bea5353503a7b998088cdf8ad0f0920e66a241c588bec0b2cab6b02157b54ab4ce30ff1

      Download Submit

    • memory/3016-0-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3016-15-0x00000000026B0000-0x00000000026FA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/3016-22-0x0000000004D20000-0x0000000004E21000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3016-28-0x0000000004F40000-0x0000000004F6C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/3016-33-0x0000000004690000-0x0000000004691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3016-32-0x0000000004D20000-0x0000000004E21000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3016-35-0x0000000000400000-0x0000000000454000-memory.dmp

      Filesize

      336KB

      Download