Overview

overview

7

Static

static

3

2bedf76843...18.exe

windows7-x64

7

2bedf76843...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08-07-2024 10:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bedf7684380d97a55c834a903f4f1d2_JaffaCakes118.exe

  • Size

    767KB

  • MD5

    2bedf7684380d97a55c834a903f4f1d2

  • SHA1

    e9faa5078eb83deb38e2a940bb093940d07a788d

  • SHA256

    1c36c2a192b20deb43f2c5ea29a970dd9b290d487db302db66e0f1f17515c808

  • SHA512

    242bd1b4f720dd34214c5fcfa36075764225de553b6a144ef0ac00eb7dd173c0da7677a01889a95fcaa6c4fff0498b1ea66b351b3bda884c1a1356d893dfbebe

  • SSDEEP

    12288:QvFHYyROKoDsTgWP75HphyvNNUxAL5ioOaEOexmY35kh+/AQY3yOg0zbTt5EfdBS:QvFIY75fyb1hqxhS3gSbJ2Yr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bedf7684380d97a55c834a903f4f1d2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bedf7684380d97a55c834a903f4f1d2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_4\EThread.fne
    Filesize

    48KB

    MD5

    dea0f82bf5bd6031c47749f5dde40782

    SHA1

    36293ba7a762cce2363c8b8748d9bda29bd6ffd5

    SHA256

    59da32423590cd24a9191371aef40c9f9934a9a880f2fa2cda94343eda23bb4a

    SHA512

    dd7a0d25c46aa333eae630e796a20278345f5556af52a3e3f2f5e9f0bbea06ae4facfb8770f78f3877d59b1ef5597241864991eef0edcba05f92f1f3d4aee203

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_4\iext3.fne
    Filesize

    380KB

    MD5

    cd85405e61891266a0ce97aedf37182e

    SHA1

    fe031548d0a50f733e9b1f48b5a3d1d06bb68f7d

    SHA256

    4417e6add341fe7e6afce4fb3d2ae7f3cfc4dbab156a009471cc24aa4485577a

    SHA512

    0be04aa87e45a87035b0313ebd6e6d1c5cd6974f6b7fd05fe0c497a522be89c1e689d4b744f928d54504950b368da69696822b7776e3b7b46311e22cd37d3ea4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_4\krnln.fnr
    Filesize

    1.1MB

    MD5

    c041498e60183fe841392ec977c68c19

    SHA1

    ff6bc69d14c6cb121d12ee9656cd0c4d2d702a6e

    SHA256

    69449597575314e59e8dde419f582e93ee04ec45414b4558b02ada148072a982

    SHA512

    75066d211c5721a3176a8e52464171d036695993442ba817a0271c033f39bb4c480ac836042611d3c0f25554290f26c000027838f50ff71ce6fde8e7438968c5

    Download Submit

  • memory/2500-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2500-12-0x00000000002A0000-0x00000000002AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2500-8-0x0000000001F10000-0x0000000001F7F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2500-16-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download