Overview

overview

7

Static

static

3

0db01fb3ab...18.exe

windows7-x64

7

0db01fb3ab...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 19:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0db01fb3aba99dc18456d390216f991d_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    0db01fb3aba99dc18456d390216f991d

  • SHA1

    b239fa607f0ab57b960b6252046e27d24ca94aa8

  • SHA256

    db584935d8ac1512bebdd60ae2758bccae94663acf19a2bf1a62145b5318e2d6

  • SHA512

    bc68df7e27a443056682e87d4178c7a32421fb24cd0f9c10c7d4c19e7e00bf15d6c07293dae3f52e70e89d8a1260eac2b522f6fbe54daab010c93db29825c00d

  • SSDEEP

    49152:Qoa1taC070dtR/dAIzYgh8GUzXbKu1clsNczEhsZO:Qoa1taC065zBhmzrxHWwhs8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0db01fb3aba99dc18456d390216f991d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0db01fb3aba99dc18456d390216f991d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Users\Admin\AppData\Local\Temp\6C79.tmp
      "C:\Users\Admin\AppData\Local\Temp\6C79.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0db01fb3aba99dc18456d390216f991d_JaffaCakes118.exe E2D87BEB88FAF3FB6AF6AA72C681AE9F70231E877E7F1752C8C5A74E629602926545808E642A4EDB1159881F3E12727C422897D524DFA68289FFF82575188DB8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2148

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\6C79.tmp
          Filesize

          1.9MB

          MD5

          37db8b44c26d62a815c4f1dca4adaad1

          SHA1

          45c39cf81994dcae0cd921464145d845c32cf098

          SHA256

          82f3b95ff70e3a56843724a487965ebfebfc8674ea7561348ce82fe49e6193b8

          SHA512

          559ce0f9246e2a1c425d5878dfb096bded61ebf001e0d7eb6d281653d99f7dae5d7e0b81fee690c8f786f1cf5a6f837a5869267eedc32a6a783591a540bbb781

          Download Submit

        • memory/2148-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2692-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download