Overview

overview

7

Static

static

3

382a61b4b3...18.exe

windows7-x64

7

382a61b4b3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 07:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    382a61b4b321dad61448dbeaf3dc0958_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    382a61b4b321dad61448dbeaf3dc0958

  • SHA1

    85ef4363e89c14abc88a382bcf53a773255c73a4

  • SHA256

    d23ea863c192fb255c3363f1990e0fd70d64cbb2c9b2c8a795cf43bf597800cb

  • SHA512

    c86847cd9184ce7aa794c8a78db893164985ab101fac0202a16d76eeffc1fcb6933c24ccd9b10c1d2b50f969257dae09e306661930fbc4e65d83f7ddbbf9809e

  • SSDEEP

    24576:chFPRWOpWBTeIYgcpFM9PSaQxgDVKI4FWGQl5IiP5vz3C1NZSPhFE:chFpWg6T7YdpgSaeB6lGiP13C1NgPjE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\382a61b4b321dad61448dbeaf3dc0958_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\382a61b4b321dad61448dbeaf3dc0958_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1464

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
          Filesize

          1.1MB

          MD5

          638e737b2293cf7b1f14c0b4fb1f3289

          SHA1

          f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

          SHA256

          baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

          SHA512

          4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\xwx.fne
          Filesize

          549KB

          MD5

          48e0236cbd0c820203ff0094de5dd5c5

          SHA1

          b64e4a19e124ff436bf4ae5e09d561649a0286b1

          SHA256

          4d662dfd40d9ba6e5d283eaa2586b459bfbf192fed89ee6e047ae7dc3ef4145c

          SHA512

          89fad4613a84416292250b43c26a5c19008efcbab453e2bef368473ef339407c8ed5594febd1cfed2afb8bc5c35234bed93f6254a9752e89ba87458df335952c

          Download Submit

        • memory/1464-18-0x0000000000280000-0x0000000000281000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1464-11-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-13-0x0000000000280000-0x0000000000281000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1464-14-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-16-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/1464-15-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-6-0x0000000000400000-0x0000000000415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/1464-20-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-21-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-22-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-24-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-25-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-27-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-28-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-29-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/1464-31-0x00000000022B0000-0x000000000233E000-memory.dmp

          Filesize

          568KB

          Download