Overview

overview

7

Static

static

3

c120cc33ca...18.exe

windows7-x64

7

c120cc33ca...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-04-2024 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c120cc33ca9d4a29e0f13d7189ff6c69_JaffaCakes118.exe

  • Size

    3.1MB

  • MD5

    c120cc33ca9d4a29e0f13d7189ff6c69

  • SHA1

    977d85c1623215b418d4294fa7bbcba81629c62f

  • SHA256

    f349acd7d4814ad4c79ec769c3d74a8a737025cbf2cd737fd288c26aecd7a9cb

  • SHA512

    93700a0fa8769f90398265e94c3eae044c2aa50ea676b037d100b830b449be7b4e4a1c582dc005a97bc7697a1e8fd05cc41d0fc566d7aa7e0c79f0989a75695f

  • SSDEEP

    98304:5mSWOiIyU3nzf5bXrUyQHSVLUjH5oxFbxx:5XVf5bXgyKSVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c120cc33ca9d4a29e0f13d7189ff6c69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c120cc33ca9d4a29e0f13d7189ff6c69_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Users\Admin\AppData\Local\Temp\40E1.tmp
      "C:\Users\Admin\AppData\Local\Temp\40E1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c120cc33ca9d4a29e0f13d7189ff6c69_JaffaCakes118.exe CED43A8ECD67331FB42B44504A53E5B0B1189436F2D8DB941BE7FB2EA5FBD0E4849ECBCEDBC341E40F5F08E940BD6DCE00D8389AF5256EC2EA600FC5614E9D41
      2⤵
      • Executes dropped EXE
      PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\40E1.tmp
    Filesize

    3.1MB

    MD5

    1f31eb0392f60b6722a17b4b2cbb78f9

    SHA1

    97b7a802d3b126bed190ea213322446d968491b3

    SHA256

    9e0194fbed7b5670dd113f2b28f7c4fc2978d408ecc69f9607be1185da3c8b38

    SHA512

    f95b778a20461fbbb0c27c21ddeab5004ca7b3b279492349eb97b00931e8cff7fbdffc30c4ea5b08ac37850464971f7c9dd1edf5e8a96d254257d3ddb7e510e1

    Download Submit

  • memory/400-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1112-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download