Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
10-07-2024 21:08
Static task
static1
Behavioral task
behavioral1
Sample
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
-
Size
32KB
-
MD5
366338f7a4e55a5f7a9f43f7a1d10014
-
SHA1
d801577b2f3455656be0443a45b90b70df003b3a
-
SHA256
b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501
-
SHA512
c84b9267c6cbf2b5b37ba74abdc3ca43f83c954caf3b950df1e653f5c4631053e2664449c7dc4f16f2ccdcf44bde2b636be4de596eae5b766a899aa5156e1079
-
SSDEEP
384:/T1dDqmPyNDmngLRkMe9Uu7VxWiIY58o/ZbGcGF3vw:/JdeT9m7B9pHWpi/Zk3vw
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
rst.exe
pid process
2500 rst.exe -
Loads dropped DLL 2 IoCs
Processes:
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
pid process
1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe -
Drops file in System32 directory 1 IoCs
Processes:
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
description ioc process
File opened for modification C:\Windows\SysWOW64\rst.exe 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
pid process
1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
description pid process target process
PID 1968 wrote to memory of 2500 1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe rst.exe
PID 1968 wrote to memory of 2500 1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe rst.exe
PID 1968 wrote to memory of 2500 1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe rst.exe
PID 1968 wrote to memory of 2500 1968 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe rst.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe"
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Windows\SysWOW64\rst.exe
C:\Windows\system32\rst.exe
- Executes dropped EXE
PID:2500
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
8KB
MD5 ca04309dd09085180523e7642aaa10be
SHA1 a0bcf62d27cc74b4c4cb48fe9cb2d5a661b7c0cf
SHA256 0373ef0fd6c3b0eeee386f67496c0ffc4973a43c8082859069d2cfefc6023c83
SHA512 c012cf2731418e8f174c1971e2b2e146db785161a8ce586bed94655b88b1b0267a30133ffed17a05f1ec6d8e41a63ffe1694fadf08a84ceaf29fc86969a81bcb