1b176952768c47f8d13bccca94adef8888b3b1db8d93250b36a22c0d0707db52 | Triage

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 07:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
Size

764KB
MD5

3c683ea7b6639e70606d0f43a3761af9
SHA1

8c0943c4fef6388624b22b921224a916c88f2711
SHA256

1b176952768c47f8d13bccca94adef8888b3b1db8d93250b36a22c0d0707db52
SHA512

9609b68f69421007f8c1b1050de1463becf6472499ca452ca6dad5b0d48afbba875a0f10ae2a59419c9a145adba863212547978383287064be186653edc79ecd
SSDEEP

12288:vX6doGPM8JJsKpqzZyCrYnIcfZdFa8nYnmAYNYG5Zo6Di82IOYUNSfLBlffMgAme:oPMUqwqdjrYnIcfla8YnH8f5ZLDjzOzy

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
4980	3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c683ea7b6639e70606d0f43a3761af9_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4980-0-0x0000000000400000-0x0000000000687000-memory.dmp

Filesize
2.5MB

Download
memory/4980-1-0x00000000023E0000-0x00000000023E2000-memory.dmp

Filesize
8KB

Download
memory/4980-2-0x0000000000400000-0x0000000000687000-memory.dmp

Filesize
2.5MB

Download
memory/4980-3-0x0000000000400000-0x0000000000687000-memory.dmp

Filesize
2.5MB

Download