Analysis
-
max time kernel
91s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
11/07/2024, 02:20
General
-
Target
37564b7ead95a067235409e1320f4da9_JaffaCakes118.exe
-
Size
36KB
-
MD5
37564b7ead95a067235409e1320f4da9
-
SHA1
55baeb49f360689219efbf1fc887d32ec5adaf84
-
SHA256
d67783ffa32c26878aff27d2a21f88b02eb048ecd1c760a2e26824188df07cd0
-
SHA512
b02669836883ab47d8b00695dd55e7b1902244aaa46dc4e56928528c92c343d1a3f510f23996e0d0566440dce60e8cc8b08a1d8aa8f56b614cbabbcebe7ab048
-
SSDEEP
768:lGCur3Np3eg9kPpnf11rNPTLaRxNTahtTu6hk:lGC+b3eg9Sx5YotT9hk
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37564b7ead95a067235409e1320f4da9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\37564b7ead95a067235409e1320f4da9_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\tmp.tmp.tmp1C:\Windows\tmp.tmp.tmp12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 4923⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5028 -ip 50281⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD552d4462b34d3b71e81de62b7520e1bd5
SHA1c17fe5819334e7fdeaa7b3899345042189790f79
SHA2567a60debedb9a0b334bb564ca316be3b9ac59cedda5a681f8210552d6ae2bcf57
SHA512949efdf3d8f67b1310a3e8c91025ccda316dea24a5c18a3d767847581e647cda7d70792be68b8cc8c8c9d85ab4959ad8d49fa9d82c86387594aa1dda24a54452
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
8KB