Behavioral task: behavioral1
Sample: a7e96a6fb0d3905a3b9b2697f2d96f20_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: a7e96a6fb0d3905a3b9b2697f2d96f20_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a7e96a6fb0d3905a3b9b2697f2d96f20_JaffaCakes118
Size: 65KB
MD5: a7e96a6fb0d3905a3b9b2697f2d96f20
SHA1: d71b6e97a3cdb9dcdca43252f83b1fbdb3c0597d
SHA256: 308203cc99eb731ead8bff29642f9208ea9f5df8f4b6cd6535f1d47d8e4d0e1f
SHA512: 351454361a41bc803e932495cb327b4052541d2d035d0cd4ed34df73dea86c25fa60ae9fc3321d0b6b4f4087c4765375d4b42fe4d4a89f612f0eb4e8d4911580
SSDEEP: 768:oScu8aE28Wxlyz/SqsO/18CQXAbyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:o728ag/d/zOxqjQ+P04wsmJC
Malware Config
Signatures
Detect Neshta payload 1 IoCs
resource: sample, yara_rule: family_neshta
Neshta family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a7e96a6fb0d3905a3b9b2697f2d96f20_JaffaCakes118
Files
a7e96a6fb0d3905a3b9b2697f2d96f20_JaffaCakes118.exe windows:4 windows x86 arch:x86
14610dd0ebbc796a9a3a2ba2cdd24e79
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
user32
MessageBoxW
Sections
.text Size: 512B - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE