Static task
static1
Behavioral task
behavioral1
Sample
69bec32d50744293e85606a5e8f80425_JaffaCakes118.exe
Resource
win11-20240709-en
General
-
Target
69bec32d50744293e85606a5e8f80425_JaffaCakes118
-
Size
146KB
-
MD5
69bec32d50744293e85606a5e8f80425
-
SHA1
101b90ac7e0c2a8b570686c13dfa0e161ddd00e0
-
SHA256
95739e350d7f2aca2c609768ee72ad67fcf05efca5c7ad8df3027c82b9c454cf
-
SHA512
e01f976fcbfa67cfd6e97855d07350a27b67fcc825d4e813ac9d2f4e8f464bb4f8bbbbe58a26bc27e78fa15db0ee5271e8f041dd72f036c11964eb1c591b438f
-
SSDEEP
3072:V6ZkRGjkBrmKmY99UpkD1/34bIpVSrtLmqc2LVMMqqD/h2LuTeONA5tIHVcH:IS9rLPPUpa3VVEtLXcCqqD/hOQnaMcH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 69bec32d50744293e85606a5e8f80425_JaffaCakes118
Files
-
69bec32d50744293e85606a5e8f80425_JaffaCakes118.exe windows:5 windows x86 arch:x86
e9f710b579880d1b6ff748176eb620f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetApiBufferFree
NetShareEnum
iphlpapi
GetAdaptersInfo
ws2_32
WSAGetLastError
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
ioctlsocket
crypt32
CryptBinaryToStringA
gdiplus
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipDeleteStringFormat
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipCloneBrush
GdipDrawString
GdipFree
GdipDeleteBrush
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
GdipCreateFont
GdiplusStartup
GdipGetGenericFontFamilySansSerif
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageEncoders
GdipFillRectangle
GdipCreateFontFamilyFromName
shlwapi
PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
StrFormatByteSize64A
PathRemoveFileSpecW
mpr
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetAddConnection2W
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
NtClose
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
NtSetInformationProcess
RtlCreateAcl
NtWaitForSingleObject
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtCreateIoCompletion
NtRemoveIoCompletion
NtQueryInformationFile
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
msvcrt
malloc
calloc
free
kernel32
GetLocalTime
GetProcAddress
SetThreadUILanguage
GetConsoleMode
GetWindowsDirectoryW
GetCurrentProcess
GlobalFree
GlobalAlloc
ReadFile
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetModuleHandleA
SetProcessShutdownParameters
SetConsoleMode
WriteFile
GetConsoleWindow
SetConsoleTitleA
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetVersion
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetUserDefaultUILanguage
TerminateProcess
GetSystemDefaultUILanguage
Process32First
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
Sleep
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
ExitThread
GetFileAttributesW
CreateFileW
FindClose
SetConsoleTextAttribute
WaitForMultipleObjects
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
SetConsoleCtrlHandler
user32
wsprintfW
GetMessageW
GetSystemMenu
SystemParametersInfoW
DeleteMenu
wsprintfA
CharUpperA
SetWindowLongA
PeekMessageW
GetWindowLongA
wvsprintfA
RegisterHotKey
FlashWindow
SetLayeredWindowAttributes
EnableMenuItem
MessageBoxA
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
CharLowerBuffW
advapi32
CloseServiceHandle
RegQueryValueExW
RegDeleteValueW
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegQueryValueExA
OpenProcessToken
DuplicateToken
OpenThreadToken
GetTokenInformation
SetSecurityInfo
RegOpenKeyA
RegCloseKey
GetSecurityInfo
EnumDependentServicesA
SetThreadToken
OpenSCManagerA
ControlService
QueryServiceStatusEx
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid
CheckTokenMembership
InitializeSecurityDescriptor
CryptReleaseContext
shell32
SHEmptyRecycleBinW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExA
ShellExecuteExW
CommandLineToArgvW
ole32
CoGetObject
CoUninitialize
CoInitializeEx
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE