Overview

overview

7

Static

static

3

26d4a64d1f...18.exe

windows7-x64

7

26d4a64d1f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26d4a64d1f1c8dd6c3386d8ee3c538b4_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    26d4a64d1f1c8dd6c3386d8ee3c538b4

  • SHA1

    91379c3b63f12caccc6d145c4ce82234ef0970b3

  • SHA256

    22634b8974da67fc542e245ab596a402c2d3208d27d8e36776c6f92ebfb0a2d4

  • SHA512

    e73d6c630ca8c29e488ddba4cac82af15fda1e3b6e3b8858491b8a1dd399a17094e491b817e7108e2a66c5b3d7922faecb75a371ff9a0ed957996ce95d7d08ca

  • SSDEEP

    49152:Qoa1taC070dFnZOXi96cyV2+52nNKz0KMr:Qoa1taC0SZqUyQ+52Mz0KMr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d4a64d1f1c8dd6c3386d8ee3c538b4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\26d4a64d1f1c8dd6c3386d8ee3c538b4_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Users\Admin\AppData\Local\Temp\1A44.tmp
      "C:\Users\Admin\AppData\Local\Temp\1A44.tmp" --splashC:\Users\Admin\AppData\Local\Temp\26d4a64d1f1c8dd6c3386d8ee3c538b4_JaffaCakes118.exe DBAE5EAEF3A1BFC5F4DED2382993188745129F2001EF2C97D6824FAC77F35A10DBD54CFA3CD4F6C1CE384C6AC725B48E58B3A720AD221F64ABF9387A9EB2563E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1A44.tmp
    Filesize

    1.9MB

    MD5

    dbdd9ce78a3953969ac74bb6a466c4a8

    SHA1

    b78d1e019fd7883e505917dca141c7b90a5b9ecc

    SHA256

    7b8cdd9081120999cc641b9df70af952277ea657da03989a369a20eabb10ef3f

    SHA512

    0784763e59bf07011c3ef79e9c2894f51d94bf2057776ba26a2674119af8e40c9cbd927af072c2e52e571110c685e94280a45a9cc9f8f52d5ef148229fcd8d6d

    Download Submit

  • memory/2484-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2848-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download