Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
12/07/2024, 18:42
Static task
static1
Behavioral task
behavioral1
Sample
3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe
-
Size
352KB
-
MD5
3e725f31117f534d537013a0b28356b0
-
SHA1
fcb2c047a634a3eaa160291c54a1e5103b97f27c
-
SHA256
9562788243a0b94b38df9a75c50f8cb3dcd1195bfaffb240f1c3958749e7ab50
-
SHA512
beab233e7a3c27af8f5efc8b8a4b90d10b5626970988e97c0881ad5c4ac710410f269c5bb461d52944695188f36f1b40cc5e65b3663d943c74b566c56473bc51
-
SSDEEP
3072:sz/92a98YQ19SecMltGzKUTC3eYYQ19qROLz/9PwCZ632kKVaiJ38yeu:sL9IR3cLOUTZYRXL99E3iaugu
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2068 Loader_forqd311.exe -
Loads dropped DLL 2 IoCs
pid Process 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 328 wrote to memory of 2068 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe 30 PID 328 wrote to memory of 2068 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe 30 PID 328 wrote to memory of 2068 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe 30 PID 328 wrote to memory of 2068 328 3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3e725f31117f534d537013a0b28356b0_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:328 -
C:\Users\Admin\AppData\Local\Temp\Loader_forqd311.exe"C:\Users\Admin\AppData\Local\Temp\Loader_forqd311.exe"2⤵
- Executes dropped EXE
PID:2068
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65KB
MD5f7a1ed6adcdcd53e9c15afd05d6ba22d
SHA131203081e03e0f8d76787d73139427036c871d6a
SHA2560b2e5f5607957f2a4bb6506e1c4f4ff0f343ebbd63864f8eee7e8686ad0cdb9f
SHA51228d7b0d65a3a6faeb6cd30abdafdc426097432694f997d680ddb8cb3c631d2d44972999b50e9d643150a02c751b7f1f1097ecf18597b7477708bd703f1dbe962