Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
  • submitted
    13/07/2024, 22:33

General

  • Target

    439cfa99cbc91d516975973626e80b1c_JaffaCakes118.exe

  • Size

    253KB

  • MD5

    439cfa99cbc91d516975973626e80b1c

  • SHA1

    6c6b04a2df82e83499294f434617d22beabfcd16

  • SHA256

    c232c20574d640bed68aa692df50f912e36433798e41b54b783a3ff761325f82

  • SHA512

    fb43dc7e18b4dd62ca67ee47eb73915817f31b9442a02048d4166f111424faa32ee567e28bad46ee618d7796b1ee097e73c241edb2116c0e7660fcc5feac9185

  • SSDEEP

    3072:NxlgiukdiZJEpJnohdEJ1MtAe7gn17/C7fvWNCHeODMueLI6QzrBHMBqdK:blgilMegEJzqbO4TrBsr

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1388
      • C:\Users\Admin\AppData\Local\Temp\439cfa99cbc91d516975973626e80b1c_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\439cfa99cbc91d516975973626e80b1c_JaffaCakes118.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Users\Admin\AppData\Local\Temp\439cfa99cbc91d516975973626e80b1c_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\439cfa99cbc91d516975973626e80b1c_JaffaCakes118.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2560

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1388-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp (Filesize: 28KB)
  • memory/1388-12-0x000000007EFD0000-0x000000007EFD1000-memory.dmp (Filesize: 4KB)
  • memory/1948-4-0x0000000010000000-0x0000000010036000-memory.dmp (Filesize: 216KB)
  • memory/2560-1-0x000000007EFDE000-0x000000007EFDF000-memory.dmp (Filesize: 4KB)
  • memory/2560-3-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/2560-0-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/2560-6-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/2560-7-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/2560-8-0x0000000000240000-0x0000000000253000-memory.dmp (Filesize: 76KB)
  • memory/2560-21-0x0000000000240000-0x0000000000253000-memory.dmp (Filesize: 76KB)