Overview

overview

7

Static

static

3

43c2dbec61...18.exe

windows7-x64

7

43c2dbec61...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43c2dbec6156cc206a977746d76b3b62_JaffaCakes118.exe

  • Size

    73KB

  • MD5

    43c2dbec6156cc206a977746d76b3b62

  • SHA1

    35f8fcc272c1d14be7be4937fbad50340c693fc6

  • SHA256

    7f6dec80dccde954b8ecd6e6ace985bdda73086b9edcbf5a32a4de9fe35fa1f9

  • SHA512

    330ca3baf3c0e7e7795406c80aaa7f0df8a493ea9a083389c07fb6828ddb322017b546e272be2ecb1f6c60d1608ece47962df08b6f25e135791d09431b082943

  • SSDEEP

    1536:5kb2IcfkBP+YZIDh8T9BUItmXDlNvrkCDWQVkE28uzkPLhSM++h:0GkBPfZVT9BUqmXpdnKQVkXPzwLl+0

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43c2dbec6156cc206a977746d76b3b62_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43c2dbec6156cc206a977746d76b3b62_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c 2.bat
      2⤵
        PID:3040
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c 2.bat
        2⤵
          PID:2064

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        42B

        MD5

        6a857f3a8a3ed4e9a4e36136bd54622b

        SHA1

        f8954637d31a74ec8779cd9582611d3b08d032dc

        SHA256

        43f1441f6e77f1bf03a9dda2fe17edbb30a33c35ba6175f9711a3ccf478386af

        SHA512

        df1cf830d4f5025b9c4c5c88bd51e644948d4cb697add2112bbfa4ef32a9f9a810716759e9102714e5e3065e72d2b23a986734172e7da5dc9b446c89b14a1583

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\2.bat
        Filesize

        53B

        MD5

        5f312aefe66000f08e943419c4cd9b7c

        SHA1

        c54cdc424e826ce373f678775ab933178d6d38a5

        SHA256

        63629a9885273d996dec504ee82a91118e241362b0c546bcbee5847ca6ca33ad

        SHA512

        89cc6f34b932a59a0d160f1442098f8e1d97b6ece5c2739f0c9d370fb6344f5972f227baf63fc71e2669c30438dc3b982e95d78f4236a622e7f9bafea5189d19

        Download Submit

      • \Windows\debug\B831406A9770.dll
        Filesize

        154KB

        MD5

        77193e1f14ab53a4d98774cace16b807

        SHA1

        ae4974beb8a29e085ef756fa7d9daa6aecdd210a

        SHA256

        9823b5f47813c476d382a3a12b7840db37466c4974c9e6bad211d727957b920e

        SHA512

        398200fc148f99ad26ef18404ad73caa5f0a9f1b9b31521a53aa66da8562c090835446ef3c7d428a734e5f43be19383db0f9a57173207e9e33fe0391deb51403

        Download Submit

      • memory/2860-0-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/2860-19-0x00000000003C0000-0x00000000003EB000-memory.dmp

        Filesize

        172KB

        Download

      • memory/2860-22-0x00000000003C0000-0x00000000003EB000-memory.dmp

        Filesize

        172KB

        Download

      • memory/2860-23-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download