Overview

overview

3

Static

static

3

3b6e77c72b...18.exe

windows7-x64

1

3b6e77c72b...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b6e77c72b1cf9af4fe161d6a244a29c_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    3b6e77c72b1cf9af4fe161d6a244a29c

  • SHA1

    55f0d70b3f874d86b5400649711daebb456a9b95

  • SHA256

    b0a3898e9a084dee20677cd8c5c46d46d856e135af94e786f366058b6db2663d

  • SHA512

    486e4f910d14074db7b73b897580fd0af2a8fc7a0eb67a5e70470a770bcb69db45a7481dff17f21c0300fe0dcf5aea54c4cb482683b0cae9899850d4b5a43946

  • SSDEEP

    384:58KNwui55Dgzvf+o2d3e8jhfuHWTEL4X7r5wtY50Q7Xm/1PzQPJtdersSVJm:5FGYeos3pj1u2TEMrr5wtY5FLNDEL/m

Score
1/10

Malware Config

Signatures

  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b6e77c72b1cf9af4fe161d6a244a29c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3b6e77c72b1cf9af4fe161d6a244a29c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\SysWOW64\net.exe
      net stop sharedaccess
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4456
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop sharedaccess
        3⤵
          PID:976

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads