Overview

overview

7

Static

static

3

5e0972a764...18.exe

windows7-x64

7

5e0972a764...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2024 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e0972a764c36ae09e471818ee48d6d0_JaffaCakes118.exe

  • Size

    33KB

  • MD5

    5e0972a764c36ae09e471818ee48d6d0

  • SHA1

    2b566afa4fa3c4408a2def698240d5daf904dac7

  • SHA256

    45adf34a96292bc9183f95219094487a5c105d44e0ae9d187199a9cb9a6f2616

  • SHA512

    64475556abc4889892bf11836b27c3ad318e42ef8295168983835d279ad11466ae63559128442c05371c715c00dd03a07ba1d4e6df3f037c5e69ccab4e2b15aa

  • SSDEEP

    768:6oTBwOjwtUa1/JoV4WGdpwlqou60DUOPYT:6mYUa0V4WGQlu5UOq

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e0972a764c36ae09e471818ee48d6d0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5e0972a764c36ae09e471818ee48d6d0_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Windows\SysWOW64\RUNDLL32.EXE
      C:\Windows\system32\RUNDLL32.EXE bpelrmabyk.dll,ThreadFalse
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\bpelrmabyk.dll
    Filesize

    16KB

    MD5

    3db81a3896d6f099391e1e0c355fc08b

    SHA1

    6baeccff14904b900b0d00532b116d13f7072b39

    SHA256

    af4dd898a29c947771621752e91f106353a2244f619406dcb5b1cb8a8242ee1e

    SHA512

    6f132f3d56f06a207b0e2e1257d68e7af6995656528a76d003d724ef5a29e471fb49117b330387d973a1fb4da458e0b56b453bda5df8d00903e3e9c31dbf93e0

    Download Submit

  • memory/976-7-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2316-10-0x0000000000140000-0x000000000015C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2316-9-0x0000000000414000-0x0000000000415000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-8-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download