Overview

overview

7

Static

static

3

359e38ffbf...18.exe

windows7-x64

7

359e38ffbf...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    359e38ffbf4d55c792e294c380fe84ac_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    359e38ffbf4d55c792e294c380fe84ac

  • SHA1

    81797bd7e055f2c34280d4fab7520ca5244fecb1

  • SHA256

    fde46fe7d958f6ba65994f22d853d0ea30ea046d82be4df3c6b06cc993483999

  • SHA512

    2b5903f16eaab82aa2c172a250149ad8edf870ce40b8a98153ee1abce3bf766a4d4a6288eb5a41b32bb2a23097923f3e1135ea4dc50305293356591df211907f

  • SSDEEP

    1536:mLwk4mz4V6760eDVLDjA06UI5nm3fO40aGENjJx:Vk4mz4V676/BDA06UI5nmvX0aGsP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3428
      • C:\Users\Admin\AppData\Local\Temp\359e38ffbf4d55c792e294c380fe84ac_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\359e38ffbf4d55c792e294c380fe84ac_JaffaCakes118.exe"
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4392
        • C:\Users\Admin\AppData\Local\Temp\stub.exe
          C:\Users\Admin\AppData\Local\Temp\stub.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1420

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\stub.exe
      Filesize

      28KB

      MD5

      5bd7568814c9c4aa844ef02176f4f11b

      SHA1

      cd01fbdc9107534d5612470d18dea3cf00135f65

      SHA256

      e89b96d522b13ef22df0475684b75ecdea529551653701965b745bd2cbdfc7c8

      SHA512

      a2d4adae4acbdcef60ced70430d0d4dc19bf524b0338cb5c66bd00bac0e4326482b985a5fe5ac971ba0d48c66cab2871aeac726cd192830cd2c9efc2cc992b16

      Download Submit

    • memory/1420-5-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1420-7-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1420-15-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1420-14-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3428-8-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3428-10-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

      Filesize

      24KB

      Download