Analysis
max time kernel: 93s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2024, 10:37 UTC
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
  Resource: win7-20240508-en
  8 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
  2 signatures, 150 seconds
General
Target: 283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
Size: 327KB
MD5: 283f49e1e7af1107ce1fdb3e62815026
SHA1: 530230d0caede75419be075691a37b3295a6b9ae
SHA256: dab5d49baf62b43b7f95df3f0e0070a42975f0239fc3e2e2da161b00540927c6
SHA512: 7558ae9bc436d8775c7610d96670eb6854771b51a120d5d472ba2bc5daeb4cba2361c50ae3c674e3e51dbeea3c1d1678dfb69a879c103b97dce6aa24e8926e31
SSDEEP: 6144:AdHFCf9vsBqU8cCK6Taz6u/eHu+QqKTSs6Nj81YFrec:QFTBqU806OzMdaSsKFT
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoCs)
description                           pid   Process                                             procid_target
PID 1380 set thread context of 2364   1380  283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe  85

Suspicious use of WriteProcessMemory (8 IoCs)
description                           pid   Process                                             procid_target
PID 1380 wrote to memory of 2364      1380  283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe  85
(this entry is recorded 8 times, identically)
Processes
1. 283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe (PID 1380)
   Path: C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. 283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe (PID 2364), child of PID 1380
      Path: C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\283f49e1e7af1107ce1fdb3e62815026_JaffaCakes118.exe"
Network
DNS queries (all sent to remote address 8.8.8.8:53)

Request                        Type    Response
73.144.22.2.in-addr.arpa       IN PTR  a2-22-144-73.deploy.static.akamaitechnologies.com
136.32.126.40.in-addr.arpa     IN PTR  (empty)
55.36.223.20.in-addr.arpa      IN PTR  (empty)
50.23.12.20.in-addr.arpa       IN PTR  (empty)
171.39.242.20.in-addr.arpa     IN PTR  (empty)
172.210.232.199.in-addr.arpa   IN PTR  (empty)
172.214.232.199.in-addr.arpa   IN PTR  (empty)
31.243.111.52.in-addr.arpa     IN PTR  (empty)

No results found

Traffic per request

Sent   Received  Requests  Responses  Type         Request
70 B   133 B     1         1          DNS Request  73.144.22.2.in-addr.arpa
72 B   158 B     1         1          DNS Request  136.32.126.40.in-addr.arpa
71 B   157 B     1         1          DNS Request  55.36.223.20.in-addr.arpa
70 B   156 B     1         1          DNS Request  50.23.12.20.in-addr.arpa
72 B   158 B     1         1          DNS Request  171.39.242.20.in-addr.arpa
74 B   128 B     1         1          DNS Request  172.210.232.199.in-addr.arpa
74 B   128 B     1         1          DNS Request  172.214.232.199.in-addr.arpa
72 B   158 B     1         1          DNS Request  31.243.111.52.in-addr.arpa