Overview

overview

7

Static

static

3

018949f4d5...18.exe

windows7-x64

7

018949f4d5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018949f4d59bf1d9c9db33a16392df6a_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    018949f4d59bf1d9c9db33a16392df6a

  • SHA1

    4920edb7e84e37608049ef34514de3e98a5edcf7

  • SHA256

    897fafbeec0b8a38cab6065c5587e3f4c51482bb2f879c37cf7c198331838aca

  • SHA512

    93773306d657e9b4dab0ce255571144ccc5f7e348c05f95df9ecf364fb4d9e2e1ddcc0df801a28e03b9e146e493143550e1b23e0a90e1ede36cab57572da5563

  • SSDEEP

    49152:Qoa1taC070dY1AH1H9Cl5cGHjZQqXYLsg6ayRCuMXxlj:Qoa1taC0iRFsjmgeV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018949f4d59bf1d9c9db33a16392df6a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\018949f4d59bf1d9c9db33a16392df6a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Local\Temp\4D07.tmp
      "C:\Users\Admin\AppData\Local\Temp\4D07.tmp" --splashC:\Users\Admin\AppData\Local\Temp\018949f4d59bf1d9c9db33a16392df6a_JaffaCakes118.exe F2A3E40A96E60856532173C8F8054C2B8E988C78F88D01F9627C02C3C549FB990E2EFAADFD2B1D5942A44CF8B2CF4B7B4D3EBCD1020E201845F06ADD56BAC257
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4D07.tmp
    Filesize

    1.9MB

    MD5

    138d568c7ffdae4630bbafaa513daf73

    SHA1

    681b3cf3b716e77f2f1106103d2091c4a38e7483

    SHA256

    f80ab47f5654aee0357d9ab802b2914456500871315aad07545a7d910971410e

    SHA512

    d8267bfbb8a21ee4dacdc1c8e9f075aebbddf7d6014ee2635961fa2c585ce483fb676aae6b1e997b411cffb4c072ad0ccfa7ef58a300a3003c97e220602f0322

    Download Submit

  • memory/3532-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4556-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download