Overview

overview

10

Static

static

3

JaffaCakes...0f.exe

windows7-x64

10

JaffaCakes...0f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2024 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe

  • Size

    685.0MB

  • MD5

    096dc1fabe1ad64b3e2396c8e6aa4fca

  • SHA1

    2038df7cae2b236982d1acc5ce9314dcf1132ed0

  • SHA256

    a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f

  • SHA512

    58f66cd7bc84b860b2c43059effd5e299f2493730ed88d5f1cb2381bf73d71d9cdabd26d6d986ee930bfb60fbdfb8b45336522d864e85300012c72a1e1200cf3

  • SSDEEP

    196608:PhXPU493Ffe2lrHmPvq4+tocAgGYqBsb2N:PlM4ZZe2pKL8o1USN

Score
10/10
privateloaderloader

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Privateloader family
    privateloader
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a931840a162cb636603a137463cea414aa9d906654d6bb12a92d6cad981a1b0f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4668
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:4228
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1696

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4668-0-0x00007FF7F37A8000-0x00007FF7F3B80000-memory.dmp

        Filesize

        3.8MB

        Download

      • memory/4668-1-0x00007FFFE06D0000-0x00007FFFE06D2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-3-0x00007FFFDFED0000-0x00007FFFDFED2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-2-0x00007FFFE06E0000-0x00007FFFE06E2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-6-0x00007FFFDE1E0000-0x00007FFFDE1E2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-5-0x00007FFFDE1D0000-0x00007FFFDE1D2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-4-0x00007FFFDFEE0000-0x00007FFFDFEE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4668-8-0x00007FF7F3440000-0x00007FF7F4230000-memory.dmp

        Filesize

        13.9MB

        Download

      • memory/4668-18-0x00007FF7F37A8000-0x00007FF7F3B80000-memory.dmp

        Filesize

        3.8MB

        Download