Overview

overview

7

Static

static

3

d2294c22a4...18.exe

windows7-x64

7

d2294c22a4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2294c22a42d7403a7fc6b7759aafe12_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    d2294c22a42d7403a7fc6b7759aafe12

  • SHA1

    c27701c01600c5b04b165727b57593007dd6500f

  • SHA256

    b1d9f55211f508cf3c8137725230839bfdf7bc713a3363d8613c6b7a118a31e5

  • SHA512

    3c1d781261eedaade804231c4cf18c966ab13d6759687492f8073b513b86d44c8286f449ccc0d7ac1e64f401738c324d5456d31ba05b595687d6c36d9708487b

  • SSDEEP

    49152:Qoa1taC070d2FoKae6VHwg4mWy6ZX/oPT2IFcq9oV99zI:Qoa1taC0LFoAeBmk2bq9oVfM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2294c22a42d7403a7fc6b7759aafe12_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d2294c22a42d7403a7fc6b7759aafe12_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Users\Admin\AppData\Local\Temp\372D.tmp
      "C:\Users\Admin\AppData\Local\Temp\372D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d2294c22a42d7403a7fc6b7759aafe12_JaffaCakes118.exe A52EDEA291FA533EF85DCEBEBE696A39F157B0123D03C73F323F1F38F08DD027B31559059EF9A749FC7BC49DBB714607143BB8A6196962D6C0F1A732485DADF4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\372D.tmp
    Filesize

    1.9MB

    MD5

    8d0bc0ff6cb6fe489b50124b8fff679a

    SHA1

    2c376b8a2bb4e5691d427d5e82b17f591c226e6c

    SHA256

    74e83ac8dadea3304bc0d98dc6a78c22cdc03a853ba23fb1bc9d5d99d57cc530

    SHA512

    7f577cd26c5fc71d3a78c6f713c31a689e053886f35fa6eed5bcb40fd4c428943973ee1c0d8d8a6573a46c9d2b9fc0560ee38ba8ab9d2cda50bb9dca76065da3

    Download Submit

  • memory/3200-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5068-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download