Overview

overview

10

Static

static

3

JaffaCakes...2f.exe

windows7-x64

10

JaffaCakes...2f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 20:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_184fecb312eaf2126f45867b2a6975769ab0b0af44abea6d2fa91fb48607072f.exe

  • Size

    699.0MB

  • MD5

    85053ea117b5f3e6b195abf8073d7f62

  • SHA1

    e4289435a70f4f8f75e2f5ebd6a9d012cbac8c88

  • SHA256

    184fecb312eaf2126f45867b2a6975769ab0b0af44abea6d2fa91fb48607072f

  • SHA512

    6615cf2e3dbe265a0d1c3afdb56354145a987b93a051c68a83caea9eaf8e2364bf03b3fb768f35d0953d07f1cabfc06e674610a0b0e149c6e9beccf772c5ec83

  • SSDEEP

    98304:nxh4vGomjs9hJ+dvvGwWyO+P5IdFfzO0lCV37+tjBqc0DND8hawxmbxdej:wsjs0dvNdO+xoFf/43ytgDNwh9xoej

Score
10/10
privateloaderloader

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Privateloader family
    privateloader
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_184fecb312eaf2126f45867b2a6975769ab0b0af44abea6d2fa91fb48607072f.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_184fecb312eaf2126f45867b2a6975769ab0b0af44abea6d2fa91fb48607072f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2344
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:3696
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1580

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2344-0-0x00007FF6B4A72000-0x00007FF6B4DAA000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/2344-1-0x00007FF81C530000-0x00007FF81C532000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-6-0x00007FF81A090000-0x00007FF81A092000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-5-0x00007FF81A080000-0x00007FF81A082000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-4-0x00007FF81AF10000-0x00007FF81AF12000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-3-0x00007FF81AF00000-0x00007FF81AF02000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-2-0x00007FF81C540000-0x00007FF81C542000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2344-7-0x00007FF6B4710000-0x00007FF6B537E000-memory.dmp

        Filesize

        12.4MB

        Download

      • memory/2344-18-0x000001BDBA370000-0x000001BDBA378000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2344-19-0x000001BDBBC70000-0x000001BDBBC97000-memory.dmp

        Filesize

        156KB

        Download

      • memory/2344-22-0x00007FF6B4A72000-0x00007FF6B4DAA000-memory.dmp

        Filesize

        3.2MB

        Download