Overview

overview

7

Static

static

3

3204b70b46...18.exe

windows7-x64

7

3204b70b46...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe

  • Size

    88KB

  • MD5

    3204b70b46229beea300c5a990d8e49f

  • SHA1

    9c88a852b64aa5c07b2773a312b15ea6addb3f79

  • SHA256

    9f56588a14c7a64e217eabe9d37234b1b4aa8361a8aa8fe44d81ca7a2cd3e9a0

  • SHA512

    b0b823a373ddb54d77b9850945c9582f6574f81f61e88ade9ddc81f766369c3b0ceca13ce5050b42b4bcf73105841dc7a03da68b0db6d1d45d4f43f92f9a5e22

  • SSDEEP

    1536:/Gy/XqiufYkNWP4c+GZWpAmNbZEs1bwHOb4nm3pT2aadFFWc8aOb4nm3pT2aad0:7SOP7wbZE0wHW64NaWh

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3204b70b46229beea300c5a990d8e49f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\fuck__Duba.com
      C:\fuck__Duba.com
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1124
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat
        3⤵
          PID:3964

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\fuck__Dubakill.bat
      Filesize

      82B

      MD5

      a5483cf5481b7805ee19c0256744924e

      SHA1

      d5535a4c8030ffbd7f60116e585ef6b2a9d84072

      SHA256

      421ec1396e428830f4f939c9020f1cd8cd8ea8544198e5c444c27330fbdc4fec

      SHA512

      6124c7152e7a1e679b0c693bc92db88da159d24f4d7412f06481f23bca96c73267ac482cb74bf2f94c52495744b16d769b7a8b1a470490b88615da63bbaf9b96

      Download Submit

    • C:\fuck__Duba.com
      Filesize

      64KB

      MD5

      70a3e8b9b59d6d9e3e189ce119bd2b28

      SHA1

      b554cfabb6f0e817af8ec1d1f75d778235384adb

      SHA256

      d79c518dabec18851c712a0ee0582368978d036852b03d82810291aabc350749

      SHA512

      27d3831e5e7ebecff5a021671da3288e8c5a62fb52b000dfded7bff58f7471aefefd7f697fe64a4cb5f02d2627ba483fba5fbb971d3df3c4ff071e9e620101a0

      Download Submit

    • memory/1124-6-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1124-12-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download