Overview

overview

7

Static

static

3

c975326a8a...18.exe

windows7-x64

7

c975326a8a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c975326a8af3bed48adb6f1fc0eff500_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    c975326a8af3bed48adb6f1fc0eff500

  • SHA1

    ebdd51288fa91df6b0a9cd9a936a7d1f3f5c5f0b

  • SHA256

    4b2ab7bc0771bc7c0f3e6e7b6daa835b9928da8dcdbe8c5fd697ae2595588e38

  • SHA512

    31a096bc40537ec33a7795295dd50daf3efa88bb9db9e5badb164985d404563852b156bf5c836053a357e40d6882ae63c9cc7ebe12451c41f1b82c027f37b573

  • SSDEEP

    49152:Qoa1taC070d6BDzV+hE4U52b6DXDz8T9SOhc:Qoa1taC01BV+hE4U52bYk0OG

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c975326a8af3bed48adb6f1fc0eff500_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c975326a8af3bed48adb6f1fc0eff500_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\1130.tmp
      "C:\Users\Admin\AppData\Local\Temp\1130.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c975326a8af3bed48adb6f1fc0eff500_JaffaCakes118.exe 8984DEA1A7FE036516B9957F404370F41029CF1D00AC4FB59908F83F8BF22111BA9E21241E04BA27147968202D6E1E188987ED01B2F90968F48B93C7B3B7EBC7
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1130.tmp
    Filesize

    1.9MB

    MD5

    0c9ee8cbdb9fb7761326a0c7d295c8fd

    SHA1

    7da94151cabc1d4b09c6b7b6fbb1e6c799a0d490

    SHA256

    4835752a99a72aa4cd793cbd525dab3a70d070fc24f7927adb8e0adf7ed9fca8

    SHA512

    5b75fb63ad373478111fe36d357bfba0886c7b25ba9cefaf96105fb583d50529e3bbc55576920fcaa995e5b6bb5dd077bfbe8736c6594da0c9a649e4e88325fa

    Download Submit

  • memory/2164-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2724-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download