Overview

overview

7

Static

static

3

2ac8a9004c...18.exe

windows7-x64

7

2ac8a9004c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2024, 19:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2ac8a9004ccb93730af4064bc36a100d_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    2ac8a9004ccb93730af4064bc36a100d

  • SHA1

    c937736556f53fe24ca51386fbf771ff12ea2cf5

  • SHA256

    0b3655b797a704679dceb10a7db8dae2625a8d3b0050b52bbe5857066439dab8

  • SHA512

    f56f5e01ce99769c24d3bab49187c7b5bdf260655f9179384de9a5bd256acdd075ef8ab3eb2fa876c7bbfc4e3a2ff28fa07e168bc5fc97ccc2a5df4f8af31ef8

  • SSDEEP

    49152:Qoa1taC070d8PPnnBuWPFt8CNTAHyOdbBbgGOxkUBG:Qoa1taC0L0WNiKTAHXvbg1xkUM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ac8a9004ccb93730af4064bc36a100d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ac8a9004ccb93730af4064bc36a100d_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\780.tmp
      "C:\Users\Admin\AppData\Local\Temp\780.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2ac8a9004ccb93730af4064bc36a100d_JaffaCakes118.exe 2E344A8E83272DA3B42FF3AE3427B9E7B82ED04B82BA03BE90E7E9DC8D663FD47232843BBA75683D7FC8D90F6BD8BF4C3CBE55E3153B6E4CDC2901DF701B5C0B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2208

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\780.tmp
          Filesize

          1.9MB

          MD5

          43fad64c388b46107d5fc9a570a07432

          SHA1

          6915d303002e6657f6f33ddc147dc8cc96650848

          SHA256

          782b9a738d1f788471403bc511a3e59cfcb0b4801eabdee8af4a4e7e02a7be8f

          SHA512

          ec7f0e30a208975f69ed933cf5e67a737f7c512cf5eef6db8b03069515363b1ec3fb97afbe8cd938633f0afb020d944e6fabbfb9ac1e50c3c8e6ba4fd316599c

          Download Submit

        • memory/2208-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2380-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download