5453585f4ff338d0e82846930916b16ac53a1bc9348c2397d6bb161d78eef836

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
Size

285KB
MD5

3928cb0b6bcaea521ed1c505541e64ea
SHA1

1150b4da7dcd9c52ae3e9f4d3670f625d28bdd5a
SHA256

5453585f4ff338d0e82846930916b16ac53a1bc9348c2397d6bb161d78eef836
SHA512

b99d71aa14baf9a97ab00f467172195bfcedd31b341fb3af2b6d426bea6328151cf47c80a081d9189496e5e3518f95892cd68cd3bcc0e593475414e53d4bc821
SSDEEP

6144:PXu4NDUpz9VaPe9of5Sbr/VJO0DrKZkYEE6BMYoeE46dnP/0+J:PXu4NDYpwPeWmsJuYERMrT

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\kxmdsa.hdt	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
File created	C:\Windows\kxwdok.hdt	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
2508	3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3928cb0b6bcaea521ed1c505541e64ea_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-0-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/2508-1-0x0000000002270000-0x0000000002380000-memory.dmp

Filesize
1.1MB

Download
memory/2508-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2508-6-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/2508-7-0x0000000002270000-0x0000000002380000-memory.dmp

Filesize
1.1MB

Download