Overview

overview

7

Static

static

3

615a858751...18.exe

windows7-x64

1

615a858751...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2024 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    615a8587511f9f38d507c9dc582e768a_JaffaCakes118.exe

  • Size

    99KB

  • MD5

    615a8587511f9f38d507c9dc582e768a

  • SHA1

    e5f8a5aceb529b07efce28428fe4de2577d91cba

  • SHA256

    0c02cceb771796cf8b0e1b089d5373c5710a20a876a6dfe241de95352198f92f

  • SHA512

    c9ba9a6310fd3f2e5e56215bb4d6b0cd4970a5ea5548e599db3e0a6feeb6b33adf9446439cd98e6fe1db8f0d09b663fb279e501091c9d96b8d8039c87b0f1bb6

  • SSDEEP

    1536:dOKzyqNQuJiYjTX5RzPO4HE76U82LQ0SzipMqML+Liltjx+sqv8ajCqldVu:EKzyqN11D5RzPO4HE7N8CSieLx1aGqrM

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\615a8587511f9f38d507c9dc582e768a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\615a8587511f9f38d507c9dc582e768a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\vcmgcd32.dll
    Filesize

    36KB

    MD5

    ae22ca9f11ade8e362254b452cc07f78

    SHA1

    4b3cb548c547d3be76e571e0579a609969b05975

    SHA256

    20cbcc9d1e6bd3c7ccacbe81fd26551b2ccfc02c00e8f948b9e9016c8b401db6

    SHA512

    9e1c725758a284ec9132f393a0b27b019a7dde32dc0649b468152876b1c77b195abc9689b732144d8c5b4d0b5fcb960a3074264cab75e6681932d3da2a644bc1

    Download Submit

  • memory/4428-0-0x0000000001000000-0x000000000101C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4428-8-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4428-10-0x0000000010000000-0x0000000010011000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4428-9-0x0000000001000000-0x000000000101C000-memory.dmp

    Filesize

    112KB

    Download