Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
09/07/2024, 21:20
Static task
static1
Behavioral task
behavioral1
Sample
3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
-
Size
88KB
-
MD5
3204b70b46229beea300c5a990d8e49f
-
SHA1
9c88a852b64aa5c07b2773a312b15ea6addb3f79
-
SHA256
9f56588a14c7a64e217eabe9d37234b1b4aa8361a8aa8fe44d81ca7a2cd3e9a0
-
SHA512
b0b823a373ddb54d77b9850945c9582f6574f81f61e88ade9ddc81f766369c3b0ceca13ce5050b42b4bcf73105841dc7a03da68b0db6d1d45d4f43f92f9a5e22
-
SSDEEP
1536:/Gy/XqiufYkNWP4c+GZWpAmNbZEs1bwHOb4nm3pT2aadFFWc8aOb4nm3pT2aad0:7SOP7wbZE0wHW64NaWh
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
2144 fuck__Duba.com
-
resource yara_rule
behavioral1/files/0x0007000000012115-7.dat upx
behavioral1/memory/2144-10-0x0000000000400000-0x0000000000424000-memory.dmp upx
behavioral1/memory/2144-21-0x0000000000400000-0x0000000000424000-memory.dmp upx
-
Drops file in Windows directory 2 IoCs
description ioc Process
File created C:\Windows\CCTV.exe fuck__Duba.com
File opened for modification C:\Windows\CCTV.exe fuck__Duba.com
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
1940 3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
2144 fuck__Duba.com
-
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target
PID 1940 wrote to memory of 2144 1940 3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe 30
PID 1940 wrote to memory of 2144 1940 3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe 30
PID 1940 wrote to memory of 2144 1940 3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe 30
PID 1940 wrote to memory of 2144 1940 3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe 30
PID 2144 wrote to memory of 2404 2144 fuck__Duba.com 31
PID 2144 wrote to memory of 2404 2144 fuck__Duba.com 31
PID 2144 wrote to memory of 2404 2144 fuck__Duba.com 31
PID 2144 wrote to memory of 2404 2144 fuck__Duba.com 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe" 1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940 -
C:\fuck__Duba.com C:\fuck__Duba.com 2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\SysWOW64\cmd.exe cmd /c C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat 3⤵ PID:2404
-
-
Network
MITRE ATT&CK Matrix
Downloads