Overview

overview

7

Static

static

7

2d046a4c1b...18.exe

windows7-x64

7

2d046a4c1b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2024 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d046a4c1bc77dc168b6580f0230087d_JaffaCakes118.exe

  • Size

    5.3MB

  • MD5

    2d046a4c1bc77dc168b6580f0230087d

  • SHA1

    b26825ed97605859f67f24c3fe4a01b1aa7722ea

  • SHA256

    bf426c73104051ba9161f7f9188beece4869e78b7e316d6da210058ad7ab2617

  • SHA512

    0dd206ee38bd19be8c4df21f7d9a0d3008b97893604dc232b898f099dc3414eb174f596fac420eac323c32f7100eea0235b8d803845859e48d38dca9e925f498

  • SSDEEP

    98304:IJSExEaWAIhpzpJq35nyhmgMn+KbAOrS+JEqOlwg2HesPKW1BP1Xj5VXI:G3NW9rD05noDMn+oAfqPg2+sB1VXI

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d046a4c1bc77dc168b6580f0230087d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2d046a4c1bc77dc168b6580f0230087d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1936-0-0x00007FF68C2B0000-0x00007FF68C61A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1936-1-0x00007FFF37E70000-0x00007FFF37E72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1936-2-0x00007FFF37E80000-0x00007FFF37E82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1936-6-0x00007FF68C290000-0x00007FF68CB63000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1936-7-0x00007FF68C2B0000-0x00007FF68C61A000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/1936-8-0x00007FF68C290000-0x00007FF68CB63000-memory.dmp

    Filesize

    8.8MB

    Download