6327e871db072fc4e6c02f85991ee17c744595218d9030bd51d28e6236c025ea

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
Size

495KB
MD5

5e811263c06a046a4cdffb33fdef23f1
SHA1

4bab4642ffb831be497db742b6ee769b853f02e3
SHA256

6327e871db072fc4e6c02f85991ee17c744595218d9030bd51d28e6236c025ea
SHA512

3ce410e7ff388677767f76445cc01a3a2ec6e6f1e81846594d2301076d8d9cf5bbb2f82786055897e8bd679bc558d4966f7a44ad743914c5b7bb9596ff6a9d64
SSDEEP

12288:Lf3gkuFAf7r+P87AYbhZF3Z4mxx6DqVTVOC0:zQdE7687A83QmXBVTz0

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\brc_Server.exe	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\brc_Server.dat	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\brc_Server.exe	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\brc_Server.dat	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1700	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
1700	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
1700	5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5e811263c06a046a4cdffb33fdef23f1_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-0-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/1700-1-0x00000000002C0000-0x0000000000314000-memory.dmp

Filesize
336KB

Download
memory/1700-9-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/1700-8-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1700-7-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1700-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1700-5-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1700-4-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1700-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1700-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1700-16-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1700-26-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1700-25-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1700-24-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/1700-23-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1700-22-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1700-21-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1700-20-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/1700-19-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download
memory/1700-18-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/1700-17-0x0000000001D60000-0x0000000001D61000-memory.dmp

Filesize
4KB

Download
memory/1700-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1700-14-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/1700-13-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1700-12-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/1700-11-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/1700-10-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1700-30-0x00000000002C0000-0x0000000000314000-memory.dmp

Filesize
336KB

Download
memory/1700-29-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download