Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-07-2024 08:47

General

  • Target

    38729b8ffa8e1df9a7d35b9d306fdc60_JaffaCakes118.exe

  • Size

    53KB

  • MD5

    38729b8ffa8e1df9a7d35b9d306fdc60

  • SHA1

    08b74e863dcfec6ce220aeecc193162e620faccd

  • SHA256

    add2b4df2ab7bd111f76ecdb3f31890cf11069ff9bda0fd729bdedcf32b7663b

  • SHA512

    e33504dd25eff47b574422918dc16adb4c8db0856eddb205b075219ac320338d873e3b669eb4bd2238c60d17917d63670ef0d1ab262d4ad39e8b7753a5c09266

  • SSDEEP

    1536:mNILhgs+fSCppwGio37KBw0DtxLGIWSKZeCvC:mNIbawpoj0JOSKUC6

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38729b8ffa8e1df9a7d35b9d306fdc60_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\38729b8ffa8e1df9a7d35b9d306fdc60_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Local\Temp\38729b8ffa8e1df9a7d35b9d306fdc60_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\38729b8ffa8e1df9a7d35b9d306fdc60_JaffaCakes118.exe" x
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:1036

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Internet Explorer\SysKetNt.Sys

    Filesize

    69KB

    MD5

    fbbeebdfa9c7989908c0063bea7af561

    SHA1

    05d126070c7537dea44d00b642504bc0c8dd3e61

    SHA256

    20981cdf82e505aecb30b314c8a52386293cf0577752dd3515d3df04364fc1e7

    SHA512

    90b680493d1e5c500c41b4e05a4f656a7dac5a3eee6eb48b3ec9b3d32de36c8ba45b5f1ac1870cac5b213e712dac63fda576f2aa2d48d56d4a21628ec6ac5419

  • C:\Program Files\Internet Explorer\Unix_Sg.Jmp

    Filesize

    53KB

    MD5

    625dd94112912678eebbce01fff662bc

    SHA1

    a018da35d04256c274f12c659ec74a6227be713b

    SHA256

    d3a0e2bd9f67205a142e6f3138d34953f52f22c15a062eaf4475d35f21bea358

    SHA512

    61cb0d2962f33ab8206ddb1f2de0b394d613a512b840ad663e7161207ecd6ad14b97ed297167e5d6c67e724247e3bb90821f34d358bda93212174e1038416e15

  • memory/1036-4-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1036-8-0x00000000001B0000-0x00000000001C6000-memory.dmp

    Filesize

    88KB

  • memory/1036-9-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1036-10-0x00000000001B0000-0x00000000001C6000-memory.dmp

    Filesize

    88KB

  • memory/2264-3-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB