a58812c85e9764759bd22d462526881cecbdddb0fe0dd60b90ff5ee8124b6a6f

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 07:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe
Size

92KB
MD5

44e95acd9c7768ce6a2de64f44ea101e
SHA1

f4bda62f133435e87e32d3fa4b76c64db44e6e11
SHA256

a58812c85e9764759bd22d462526881cecbdddb0fe0dd60b90ff5ee8124b6a6f
SHA512

841ab6ae48ff1a48d203086f7e523f36ead1ab0dbde87fb7d44e20c91fcbaa32ecfac1a340e567c42463141b1d9f5f5c70d5cb05b0f7fde9103257c9ea104e7c
SSDEEP

1536:L2OyM+vOxt0c5hfHP1qlmv60lHj4UraTPVPSPkP4PjPAkbohaWdV7lObdEZxHwA4:3EA0c5Olmv60l3LbohaMAuwiNCP7b

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2444	vuooqu.exe

Loads dropped DLL 2 IoCs

pid	Process
3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe
3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe
2444	vuooqu.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2444	3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe	30
PID 3032 wrote to memory of 2444	3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe	30
PID 3032 wrote to memory of 2444	3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe	30
PID 3032 wrote to memory of 2444	3032	44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44e95acd9c7768ce6a2de64f44ea101e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\vuooqu.exe
  "C:\Users\Admin\vuooqu.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\vuooqu.exe

Filesize
92KB

MD5
7c06669645299a1e441519a5c3fd9b19

SHA1
f9054c6a4220ac21f8cb97e9be678a95ba09ee27

SHA256
faeaa648cda260149b6762226585db58138483f3842b49101d6cb3db1b78c553

SHA512
1ba80def7c7cb9ae23ec7cb3bc6b20aa6c518d3b220aec3eff67db23332a2c8f843bd2359ced134ef60d126ddf53a14f2d249dfd3f6c2e342996e461405b3b84

Download Submit