Overview

overview

7

Static

static

3

ce14bf7883...18.exe

windows7-x64

7

ce14bf7883...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 08:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ce14bf78832872c74823576418239d8c_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    ce14bf78832872c74823576418239d8c

  • SHA1

    048befc0f7c74e66d9f80422512fda3d9e936c0b

  • SHA256

    bf445c1a5a06d070fbbaa216595e2a043f38289388de55c457ff1c1f37a67438

  • SHA512

    b5d2539899862cd6e17d0e00dd5654c574d03320114a692b2e9594fc1c3dccbce07aaa054646b79a1f9d56b5703ba4d1754b93a0d89b2be8145b7892de202853

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dBp8e3Qh4JHOI/7Vc7ZgerDURgEjfzLh4t9iY:Qoa1taC070dv80QwObZlX60ntkdm0bQ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce14bf78832872c74823576418239d8c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ce14bf78832872c74823576418239d8c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\2452.tmp
      "C:\Users\Admin\AppData\Local\Temp\2452.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ce14bf78832872c74823576418239d8c_JaffaCakes118.exe 6D7EE4F49291C526A768426F1665FC4F82F71F785FF7F9506216FD3A7D9C3FCCE04F5B87C96471531DF86576E520CD6415CB2772B514E74705358DBF3C28E206
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3012

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2452.tmp
          Filesize

          1.9MB

          MD5

          9692abc1c8341b21a3c5d7e251cab3bb

          SHA1

          a0fd954b973c7ab7afaa66b75d06156ac76f930f

          SHA256

          ea6dd92d06e7158afe2e03e16fc5683a080bd4acd7b183a864e8e8549a5396d0

          SHA512

          83cb87c41ea90fde5f323739aefb7af6a84cdb9d2120f6abf9cbccfd8414ed7f64635f657819766e5930d23a98782cefd9ada5395a6e9f15181dedab4ec34392

          Download Submit

        • memory/2932-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/3012-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download