Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
01-07-2024 08:10
Behavioral task
behavioral1
Sample
1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
Resource
win10v2004-20240611-en
5 signatures
150 seconds
General
-
Target
1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
-
Size
85KB
-
MD5
1a8c4d88c4fa380ff11f201f8ceb976b
-
SHA1
f41a3ae18c30aaf2724d6b71702ec3927464e6c3
-
SHA256
6e9834a7440cb1a6b2b1ee6bb57b3b396079f81839c689c0c4a065f12eea6869
-
SHA512
33295b759344db2b1e6fb342d1da01172cc252f4097f63e6ae9fc76e30e0a2ec91375318293ffca4e8b928ea0f76ca78d82bca6a3894e8ce918893f535e65ae3
-
SSDEEP
1536:tzTV8ja1LqV51oLUQutfTKR/kCRu2Afl89t4+7o7GT8ER27xXWuTDPZp0a1FcJqT:tvV8ja1+ZoLUQUf2/kCY2Afl89jFR21T
Score
7/10
Malware Config
Signatures
-
Processes:
resource yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x0000000000425000-memory.dmp vmprotect
behavioral1/memory/1936-1-0x0000000000400000-0x0000000000425000-memory.dmp vmprotect
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe
pid process
1936 1a8c4d88c4fa380ff11f201f8ceb976b_JaffaCakes118.exe