Analysis
- max time kernel: 135s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-07-2024 21:08
Static task: static1
Behavioral task: behavioral1
- Sample: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
- Size: 32KB
- MD5: 366338f7a4e55a5f7a9f43f7a1d10014
- SHA1: d801577b2f3455656be0443a45b90b70df003b3a
- SHA256: b08af00cd09f0e6e80fdfdb7d9b7c1a8726c4c8d0d5a4b040f0e6d965f28f501
- SHA512: c84b9267c6cbf2b5b37ba74abdc3ca43f83c954caf3b950df1e653f5c4631053e2664449c7dc4f16f2ccdcf44bde2b636be4de596eae5b766a899aa5156e1079
- SSDEEP: 384:/T1dDqmPyNDmngLRkMe9Uu7VxWiIY58o/ZbGcGF3vw:/JdeT9m7B9pHWpi/Zk3vw
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes: rst.exe
  pid: 4564; process: rst.exe
- Drops file in System32 directory (1 IoCs)
  Processes: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
  description: File opened for modification; ioc: C:\Windows\SysWOW64\rst.exe; process: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1428; pid_target: 4564; process: WerFault.exe; target process: rst.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
  pid: 4640; process: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
  description: PID 4640 wrote to memory of 4564; pid: 4640; process: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe; target process: rst.exe
  description: PID 4640 wrote to memory of 4564; pid: 4640; process: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe; target process: rst.exe
  description: PID 4640 wrote to memory of 4564; pid: 4640; process: 366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe; target process: rst.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\366338f7a4e55a5f7a9f43f7a1d10014_JaffaCakes118.exe"
  PID: 4640
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rst.exe
    Command line: C:\Windows\system32\rst.exe
    PID: 4564
    - Executes dropped EXE
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 492
      PID: 1428
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4564 -ip 4564
  PID: 1012
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 8KB
  MD5: ca04309dd09085180523e7642aaa10be
  SHA1: a0bcf62d27cc74b4c4cb48fe9cb2d5a661b7c0cf
  SHA256: 0373ef0fd6c3b0eeee386f67496c0ffc4973a43c8082859069d2cfefc6023c83
  SHA512: c012cf2731418e8f174c1971e2b2e146db785161a8ce586bed94655b88b1b0267a30133ffed17a05f1ec6d8e41a63ffe1694fadf08a84ceaf29fc86969a81bcb