Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
03-07-2024 01:47
Static task
static1
Behavioral task
behavioral1
Sample
20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exe
-
Size
488KB
-
MD5
20ab2155e5dc9d0f4a12c70e641bd190
-
SHA1
2f2425c7e166a8be1e84f24286b80e81ea5ea479
-
SHA256
053bd97521881696c6a790e7427b9413fe7204a8ec45bb0e9ea8c61366dcbc74
-
SHA512
2256706df84aea0c189c5bf8dfd76db09cc02cb389f887d8d1d0082b5b6ff5945711c004e4d3425d994d05d747b610d0fcc01d0b1aa58003a5c0d6c508627eb3
-
SSDEEP
12288:43WFuM8pWrrwPShtMnrSeNA9mPBv8OqWR:AWRHgSnKSeNyarqW
Malware Config
Extracted
cobaltstrike
http://lionpick.com:443/image-directory/profile.jpg
-
user_agent
Host: mail.ru Connection: close Accept: image/* Accept-Encoding: gzip, br User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exepid process 2184 20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exe 2184 20ab2155e5dc9d0f4a12c70e641bd190_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2184-3-0x0000000001CC0000-0x0000000001CC1000-memory.dmpFilesize
4KB