Overview

overview

7

Static

static

3

1673d17670...18.exe

windows7-x64

7

1673d17670...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    1673d1767011b821241033ef0f0bd0fc

  • SHA1

    a4adc1b3e1743ff8979329ab1e7954d161d5337c

  • SHA256

    49549e75448241a060af3dffdd03ab5b5243e493ca07b9a1519a5aa320e473fa

  • SHA512

    da462bb4e2d15c525458923754bc32714fb5febd72b5b3c6aa9d3b120067e3f16a3ddb54d8ea56a84b0775d43ea76f119e0812ab0ad443764e94b6dbfc61f87b

  • SSDEEP

    98304:5mSWOiIyU57Gs/WPwbo/4SjVLUjH5oxFbxx:5XnL/sUo/4SjVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Users\Admin\AppData\Local\Temp\B6FC.tmp
      "C:\Users\Admin\AppData\Local\Temp\B6FC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1673d1767011b821241033ef0f0bd0fc_JaffaCakes118.exe 2BFAC830CBB32285B9E78D5E512FAD317E42E70796E686F73034A3ACD3B0BAC37979CFC334A3B4C60EF2B121FC31C91FD1EBD127FFB11BD8C0EBBD50990DE06E
      2⤵
      • Executes dropped EXE
      PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B6FC.tmp
    Filesize

    3.1MB

    MD5

    eea4b0f43f6bdceee62ac40adcdb5a5d

    SHA1

    d7fad9790665e7e8490f71bd979ae588601a00e1

    SHA256

    901dd5a77db840ae710b99199a298a4567ca122f30324928819791e0bd12e65f

    SHA512

    2102d4bc26bef91d38fd96eb398829d226aed89e035f022f65764354192674de9fcd2aaea8d0ac5229909afba4f84efc98b74f1c16293fd4a938213802782e8c

    Download Submit

  • memory/1912-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4768-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download