Overview

overview

7

Static

static

3

cfbc2c635e...18.exe

windows7-x64

7

cfbc2c635e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2024 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    cfbc2c635e2211429639f3e9fbd589de

  • SHA1

    27ece2d71aedefd6983fe70588df1a0fa6877eb7

  • SHA256

    0d9deef41cdfe7a11ce1bfc0d8ab0291aab162a8360ec77df571693b3052fb7d

  • SHA512

    47bedf723d90e52a5fbc73c9720df4be29a5a8103e0a015eb716defeec83f566181122679416bdcb4ab3d2af15775e3cfb531e1d7835f449468b9f4bc8e8c78a

  • SSDEEP

    49152:Qoa1taC070dHPwRhdBvqVpV6YPXwzcvFJHpmDoG3F:Qoa1taC0MPrDQiwzCCD5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Local\Temp\11CC.tmp
      "C:\Users\Admin\AppData\Local\Temp\11CC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\cfbc2c635e2211429639f3e9fbd589de_JaffaCakes118.exe AFDECCBFDAC0AE48A0669629CFF2CD2DC1795BA010A31B45AF7AA718B4FB7954B98DEF4F46B53B32A9429F5EEE309D5927B0DB91BA5F7371565B2410A2B67E96
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\11CC.tmp
    Filesize

    1.9MB

    MD5

    e248ddc47dff4cf3117931788ded3910

    SHA1

    3a88dc4327ec74d6979176114f346c04fd53f208

    SHA256

    f5e8044a7aae832c13261abfae9bb0a1f118ac6df7cc7400af7f7ca1b73b24cc

    SHA512

    6f5ba06aa90ebacaa4059c1c21c1b9c20d545e1482b82414914129d1c1698916dad7884c9be838bf56d2c9ea3de6cc0f3b39af534fce9cb533c7cbd6aad8126b

    Download Submit

  • memory/2264-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2844-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download