Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    27-09-2024 02:26

General

  • Target

    f988eedc7896eb18defb9e71a0832488_JaffaCakes118.exe

  • Size

    611KB

  • MD5

    f988eedc7896eb18defb9e71a0832488

  • SHA1

    48cad28c0d06006513659c1a73e75a4810689c27

  • SHA256

    c82275cb038a9d0d23f3fb038158fbc6a23690583df78031fcd2499c204fa022

  • SHA512

    5b645f314ec242a10b6421cbd702d6a8f0e9e76eafc30b0f5180f97e907d61358076aa2d81c8b7b1af63e30139904473456b9dbfd6c42f2f5dd57d27dae444b8

  • SSDEEP

    12288:GMpK6ep7cOfGmt8EO8qKgikt/Gm2U0nsNSOLQVYnf:ZU7cOfGmpfY/GpsNSO0Ynf

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f988eedc7896eb18defb9e71a0832488_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f988eedc7896eb18defb9e71a0832488_JaffaCakes118.exe"
    • Suspicious use of SetWindowsHookEx
    PID:2212

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2212-0-0x0000000000210000-0x0000000000251000-memory.dmp

    Filesize

    260KB

  • memory/2212-2-0x00000000024C0000-0x00000000025C0000-memory.dmp

    Filesize

    1024KB

  • memory/2212-4-0x00000000024C0000-0x00000000025C0000-memory.dmp

    Filesize

    1024KB