Overview

overview

7

Static

static

3

366418e4e9...18.exe

windows7-x64

7

366418e4e9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    366418e4e97ba42ddbe3c5c16928aaf9_JaffaCakes118.exe

  • Size

    85KB

  • MD5

    366418e4e97ba42ddbe3c5c16928aaf9

  • SHA1

    627dbeca6d53b776e59f22f30a50669407146736

  • SHA256

    34bd881d97617bb114c7712851a38156865fe013dfaed0b3afcb45e9d18688bc

  • SHA512

    7800951e998f090b3c67dd5d0f6bb213c2059fea931b05ca259b39c3527dd8641ca57f0851278a0d26f57110b8a82ef70e15c92dce8ebff16f58c59680005713

  • SSDEEP

    1536:7jbce4z0VPhUEiT1kZsHDDCHw4cB1s9HqtQeK3qHTxWWO3M:jR1ZjiuZYvWHEQeJTl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\366418e4e97ba42ddbe3c5c16928aaf9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\366418e4e97ba42ddbe3c5c16928aaf9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 2.bat
      2⤵
        PID:4068
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c 2.bat
        2⤵
          PID:2688

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        64B

        MD5

        084391877619ba70f8c0c32a284e2860

        SHA1

        7d3c1227a9fd8acb763049142443152a4f9748bb

        SHA256

        11aded5764c570597c697f3f655f9a80420268cbf01876b8a937a54b4f640aa4

        SHA512

        712bc4715602fa460905ad16b02ca3af20db3a5f7132356d6753f947bddd607305350ccf26c7899f2e158a8d5963805eff1a9574d0ca58336605977d43c8a2a4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        63B

        MD5

        82a8fc9c7b652e697beb7dd61916009e

        SHA1

        529751a8c94dbfad2b71afa457324b2fd242eec8

        SHA256

        d009b79fae689bda25819f9ef580b096ea3efe089cc9814f7e71ec0876d4a7cb

        SHA512

        2c2b8f1918de5bb9161e3c1cead88844fcdd4753f04802d355674f8860f52d8078a33baf38665faa50401a0118b4c9cdbd44d0657ed82c6ad64d2c44261d2552

        Download Submit

      • C:\Windows\Help\F3C74E3FA248.dll
        Filesize

        70KB

        MD5

        49b7072ad4478f32c130cfa30c239217

        SHA1

        2f81ab12200de7bd3d1e0c1fd806912f89372736

        SHA256

        1a33dc70ce76e2f3ed22bdd61d605c07958a2a2da357d0c2cef42240012127fe

        SHA512

        119af18ded0897ee2b7cafd562d17b0ae3aaa1a3d5f5cbb8679c7ba0549e3a70b29b45e0928ab88068dd2faddde735d615f3ea24123b560225c14f7193cda6c0

        Download Submit

      • memory/1828-3-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/1828-14-0x0000000000400000-0x0000000000422000-memory.dmp

        Filesize

        136KB

        Download

      • memory/1828-15-0x0000000002270000-0x000000000229C000-memory.dmp

        Filesize

        176KB

        Download