Overview

overview

7

Static

static

3

1f73194f58...18.exe

windows7-x64

7

1f73194f58...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f73194f583dab29bad91b7177130c92_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    1f73194f583dab29bad91b7177130c92

  • SHA1

    32785b0a84ebc1352c87482a517f463e3f00476b

  • SHA256

    3a190f5003f530f8cd1bdbf9870deb8b3329adad6dd0707edb49ea68faddd713

  • SHA512

    ab811ab0234dc8886c55a096226f37c71819e800290e7cdabe1b034ad208c663941fbf3ded2f5753a4dfbba06335c98607537b8af8c2e773d27a2a36882ff2ff

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dYgKpoYTtXwLiJ6TcyrrTP+v+COaTHUzMmmH5:Qoa1taC070dYpoYJX/6wyrGvVlmY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f73194f583dab29bad91b7177130c92_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1f73194f583dab29bad91b7177130c92_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\2FDA.tmp
      "C:\Users\Admin\AppData\Local\Temp\2FDA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1f73194f583dab29bad91b7177130c92_JaffaCakes118.exe B006BF4D6D24DFDB3A747309434B709EAE571076E765049396747D04514338E98FCD97FF2A94E5A9A5A439A7E025E0408F1EAA1592663C9AD897F832D040414C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2FDA.tmp
    Filesize

    1.9MB

    MD5

    84d99f0fdf7960bba52e51798aa88489

    SHA1

    9a913926661131759b07cd691f048f6b8a94a96d

    SHA256

    9ee4e2e9ccdd5de544f45f1ba613eb7db82882cb6f6ee9fbce6d84af738cf8fa

    SHA512

    26dd1cbd2d076992d73c31111e12cea32358f957aee9a6f2784c9cd890019b3d3c08dfdfd1ccc2c1abf3d64dd81ee7c5bfba6013849655f08133e88e96620f75

    Download Submit

  • memory/2168-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2980-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download