Analysis

  • max time kernel
    129s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 13:38

General

  • Target

    1b8079135db7b0d6f887da8c1c1e39e9_JaffaCakes118.exe

  • Size

    701KB

  • MD5

    1b8079135db7b0d6f887da8c1c1e39e9

  • SHA1

    ebfda82be843dc7476ce848259f9ab3e416cf6db

  • SHA256

    42b770271d45b7bbce3a71df19008f3c5ff6f84bb310d5832a3fd13f433483ca

  • SHA512

    8bdf41e28475931cb60df4480867747db56a702c77d07715b9a3b07b953299ecc38b887b75582afc8377fd41d829cef704fdf4cf2038775d36c538160d0f2b97

  • SSDEEP

    12288:EhDVMAaPEXSQkb+UsESnX359TLldXlzlf/5+XYpDc5AM+r/K8IqcnHTJtD:EhBMjEXC+3LTBrpeAEAM+efq6lx

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in Windows directory 7 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

All three signatures fire in the single analyzed process (PID 2028); no child processes are recorded. The three loaded DLLs are the files listed under Downloads, written to the user's %TEMP%\E_N4 directory; the seven "Drops file in Windows directory" IoCs are not itemized on this page. SetWindowsHookEx is also used legitimately by GUI frameworks, so that signature is low confidence on its own: the hook type passed in the call (a low-level keyboard hook versus a window-procedure or CBT hook) is what separates keylogging from ordinary UI behaviour, and it is not recorded here.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b8079135db7b0d6f887da8c1c1e39e9_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1b8079135db7b0d6f887da8c1c1e39e9_JaffaCakes118.exe"
    Process tree depth: 1 (root process; no children recorded)
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID: 2028

Network

MITRE ATT&CK Matrix


Downloads

The E_N4 directory together with krnln.fnr (core runtime) and the *.fne support libraries is the runtime layout of applications built with Easy Programming Language (易语言, EPL); the sample unpacks these files to %TEMP% at start-up. Their presence identifies the compiler and is not malicious by itself, so the hashes below are useful for clustering EPL-built samples rather than as standalone detection. The memory/… entries are process memory regions captured during analysis, not files on disk.

  • \Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

    Filesize

    112KB

    MD5

    6d4b2e73f6f8ecff02f19f7e8ef9a8c7

    SHA1

    09c32ca167136a17fd69df8c525ea5ffeca6c534

    SHA256

    fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040

    SHA512

    2fd7a95cb632e9c4ac6b34e5b6b875aae94e73cd4b1f213e78f46dadab4846227a030776461bca08f9d75a1d61a0d45427f7b0c8b71406b7debc14db04b2ce04

  • \Users\Admin\AppData\Local\Temp\E_N4\internet.fne

    Filesize

    192KB

    MD5

    0503d44bada9a0c7138b3f7d3ab90693

    SHA1

    c4ea03151eeedd1c84beaa06e73faa9c1e9574fc

    SHA256

    7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e

    SHA512

    f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8

  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

    Filesize

    1.1MB

    MD5

    638e737b2293cf7b1f14c0b4fb1f3289

    SHA1

    f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

    SHA256

    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

    SHA512

    4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

  • memory/2028-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/2028-7-0x00000000002C0000-0x00000000002DE000-memory.dmp

    Filesize

    120KB

  • memory/2028-10-0x0000000000410000-0x000000000044F000-memory.dmp

    Filesize

    252KB

  • memory/2028-13-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB
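To turn the Downloads section above into something reusable, the following added example (not part of the sandbox report or the analyzed sample) parses the report's label/value layout into IoC records, rejects malformed hash fields, skips the memory-dump entries, and then matches files on disk by content rather than by name. REPORT_EXCERPT is copied from the entries above with the blank lines between label and value removed; the scan directory and the hypothetical file names in the usage are assumptions.

```python
"""Parse the 'Downloads' section of a sandbox report into IoC records, sanity
check the hash fields, and look for matching files under a directory.
Added example, not part of the sandbox report or the analyzed sample.
REPORT_EXCERPT is copied from the report (blank lines removed; the parser
ignores them anyway)."""
import hashlib
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REPORT_EXCERPT = r"""
  • \Users\Admin\AppData\Local\Temp\E_N4\dp1.fne
    Filesize
    112KB
    MD5
    6d4b2e73f6f8ecff02f19f7e8ef9a8c7
    SHA1
    09c32ca167136a17fd69df8c525ea5ffeca6c534
    SHA256
    fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040
  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
    Filesize
    1.1MB
    SHA256
    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b
  • memory/2028-0-0x0000000000400000-0x000000000040F000-memory.dmp
    Filesize
    60KB
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
PREFERENCE = ("SHA256", "SHA1", "MD5")  # strongest listed hash is used for matching


@dataclass
class DroppedFile:
    path: str                       # path exactly as printed by the sandbox
    size: Optional[str] = None
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def name(self) -> str:
        return self.path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_downloads(text: str) -> List[DroppedFile]:
    """Turn the label/value layout into records. memory/... entries are
    skipped: they describe process regions, not files that exist on disk."""
    entries: List[DroppedFile] = []
    current: Optional[DroppedFile] = None
    label: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            path = line[1:].strip()
            current = None if path.startswith("memory/") else DroppedFile(path)
            if current is not None:
                entries.append(current)
            label = None
        elif current is None:
            continue
        elif line == "Filesize" or line in HASH_LEN:
            label = line
        elif label == "Filesize":
            current.size, label = line, None
        elif label in HASH_LEN:
            value = line.lower()
            # a truncated or non-hex digest would silently never match
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[label], value):
                raise ValueError(f"{current.path}: malformed {label} {line!r}")
            current.hashes[label] = value
            label = None
    return entries


def hash_file(path: str) -> Dict[str, str]:
    """One pass over the file, all three digests at once."""
    digests = {algo: hashlib.new(algo.lower()) for algo in PREFERENCE}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan(root: str, iocs: List[DroppedFile]) -> List[Dict[str, str]]:
    """Match files under root by content, not by name: the same runtime
    libraries can be dropped under other names by other samples."""
    lookup = {}
    for ioc in iocs:
        for algo in PREFERENCE:
            if algo in ioc.hashes:
                lookup[(algo, ioc.hashes[algo])] = ioc
                break
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digests = hash_file(full)
            for algo in PREFERENCE:
                ioc = lookup.get((algo, digests[algo]))
                if ioc is not None:
                    hits.append({"file": full, "ioc": ioc.path, "algo": algo})
                    break
    return hits


if __name__ == "__main__":
    # assumed scan root; replace with a mounted image or an extracted %TEMP%
    for hit in scan(os.environ.get("SCAN_ROOT", "."), parse_downloads(REPORT_EXCERPT)):
        print(hit)
```

The parser is deliberately strict about digest length so a report copied with a truncated hash fails loudly instead of producing an IoC that can never match; the scanner keys on the strongest hash each entry carries, so an entry that only lists an MD5 is still usable but gets flagged by `algo` in the hit so the analyst knows the match is weaker.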