Overview

overview

7

Static

static

3

4694cbc39e...18.exe

windows7-x64

7

4694cbc39e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4694cbc39e349f82b0d17ea82fce8d2b_JaffaCakes118.exe

  • Size

    2.5MB

  • MD5

    4694cbc39e349f82b0d17ea82fce8d2b

  • SHA1

    09a741096e94978594c90ffc091e01cb9cd3b04a

  • SHA256

    ff93dedb52b8a13955934a05bd0149254fd1abb42c43eecc3ce5d7ca7a62e151

  • SHA512

    e7ccbe13b7d941bd0f434e683ee5b53ff9472a1f14b5f8ac15d60d455949a89961b680a956138459c759be8dd8b835eb1622c581f17beb716019f5c133efd600

  • SSDEEP

    49152:zhmGpsc3+6dTP3/Rsy7Mn18LOAP6DMciGBC+betO:9m+sc3HdTPaoOCOo6DWYCweM

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4694cbc39e349f82b0d17ea82fce8d2b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4694cbc39e349f82b0d17ea82fce8d2b_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7668.tmp
    Filesize

    624B

    MD5

    1426d2db1474a2a84b2fc2c1d76e4898

    SHA1

    4ac3177afc34663fd246dc92011334f3566fa021

    SHA256

    2dc19872ca01c5a406a483ad4b92b4d0b711ec0d2b09d4385b5829e4ce37c848

    SHA512

    81ea9a45e1beb8cfb4bbe6258e3fc0dc3a68495ae7e3e1a675c84e348f30eba71c1d8a24cef4f2197752a027b3b4566e33a9d290e065e41ac2223056a7a3451b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\768D.tmp
    Filesize

    48KB

    MD5

    7360f2c25c1f26ac4562f0b0e7f9c95a

    SHA1

    d3d5be13fb7b448815df84e46541961f88ed238d

    SHA256

    e8ae2170ee427a0d54e168e0d755662a105f95c5ed02de3248313f919dbbb793

    SHA512

    139f472103f59619703e327774dbd3c02d8915f1a82371395333b65c8362f048b7a9cc11ea828aeecaa279bd67dfc7dc54732374ef820102095422d6bb344109

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\grbmj.dll
    Filesize

    48KB

    MD5

    3f2532ea6180626395b2006ffedf7fca

    SHA1

    6634801e48a16c1c40cde9ce4cf4080984251f21

    SHA256

    0175158308879005dbb4db2bcccd4459bfbbe8a7669a6485754eeaec637ea930

    SHA512

    85fa904de2bb73b04daed671b5d58aad683600ed3e41494aeee5bdf9243408031d32628a741caff4df855e39c72d4cc9d8440e79dd69139b1cf9e3ea59676502

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\temp01.dll
    Filesize

    40KB

    MD5

    10640cdf5a843c7eb9a0132e4cd852e4

    SHA1

    c6c9930c978488026ff1ed21ba45c13657d2c1df

    SHA256

    6cb48e6006a5b197715eb9893119b7c98a8f8ee86e6677fa87f0d073d74c2cdf

    SHA512

    9b2cdeb75f1da2e21c41a77a4f36d4a242d161bbfe4b57f6278f1f2357f53c43b6474a23809b15e51fed445d6809cf2324f238263f314639663fee673a49418b

    Download Submit

  • memory/1188-0-0x0000000000400000-0x00000000007D4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1188-1-0x00000000006EA000-0x00000000006EC000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1188-2-0x0000000000400000-0x00000000007D4000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1188-74-0x0000000000400000-0x00000000007D4000-memory.dmp

    Filesize

    3.8MB

    Download