Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 11:42

General

  • Target

    1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118.exe

  • Size

    4.0MB

  • MD5

    1b2994247bb30f34d0f7ffbd946167b8

  • SHA1

    e627b77eb6f4af5955172c0d8336485b0c56bdc3

  • SHA256

    d144cb7a0a0be9a3e9ac2a052192821c62567311a02ba4c1d17f36c1645f9d41

  • SHA512

    d9b8180573cb3358135c3cb56a7ab31b9b95bde8a0890a87e5f4e3355f2675aa0a52839f491a64ae3ebd54dc0889c40766366a3b7d290559daa1ede6ca4a2ec2

  • SSDEEP

    98304:6WS9rzT+AnlasvtiGqPrYbSBgOQ7885oucy/+NMumE57VgQCnRlvQaHhXCWPZ0Vq:6WS9rzznllAlPkbmQ78KouROMuBFVg5X

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b2994247bb30f34d0f7ffbd946167b8_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2868

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2868-0-0x0000000000400000-0x0000000000BDD000-memory.dmp
    Filesize

    7.9MB

  • memory/2868-1-0x0000000002890000-0x0000000002A9C000-memory.dmp
    Filesize

    2.0MB

  • memory/2868-4-0x0000000002890000-0x0000000002A9C000-memory.dmp
    Filesize

    2.0MB

  • memory/2868-5-0x0000000002890000-0x0000000002A9C000-memory.dmp
    Filesize

    2.0MB

  • memory/2868-7-0x0000000002890000-0x0000000002A9C000-memory.dmp
    Filesize

    2.0MB