Overview

overview

7

Static

static

3

1673d17670...18.exe

windows7-x64

7

1673d17670...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29-03-2024 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    1673d1767011b821241033ef0f0bd0fc

  • SHA1

    a4adc1b3e1743ff8979329ab1e7954d161d5337c

  • SHA256

    49549e75448241a060af3dffdd03ab5b5243e493ca07b9a1519a5aa320e473fa

  • SHA512

    da462bb4e2d15c525458923754bc32714fb5febd72b5b3c6aa9d3b120067e3f16a3ddb54d8ea56a84b0775d43ea76f119e0812ab0ad443764e94b6dbfc61f87b

  • SSDEEP

    98304:5mSWOiIyU57Gs/WPwbo/4SjVLUjH5oxFbxx:5XnL/sUo/4SjVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\14A9.tmp
      "C:\Users\Admin\AppData\Local\Temp\14A9.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe 6BD905C8598A08E8EED20A8187F728B943216AD7C090642B49B45610EBA91D57373015529525A52324D6F17DF2EFD21E35113F67E9E80EF34AA611DB42377485
      2⤵
      • Executes dropped EXE
      PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\14A9.tmp
    Filesize

    3.1MB

    MD5

    70597e8f00517d690ee125f9ee69521f

    SHA1

    ebde71605dfd29a0ba1c36c4807876d3cdfe656f

    SHA256

    2771aa3cdd7b0eaa2a71320d8aeb05249dd42cab64aa9c7ef6209efe30f0b0d6

    SHA512

    058c51ca089d1240b293c1631b984aa92ca1e260a0ba3d86a3f0f59f4ec68c7b4ac913d07983fa8980b177ee235a2bf5f849ebfe58e9aa79b36a203a663b17b3

    Download Submit

  • memory/2032-6-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2168-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download