Overview

overview

7

Static

static

3

d68f12aa65...18.exe

windows7-x64

7

d68f12aa65...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d68f12aa65d08e0acf6781e5252de32c_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    d68f12aa65d08e0acf6781e5252de32c

  • SHA1

    b6e77e7f4c3e2587101d63e941e998a2e7ff13f1

  • SHA256

    5bd616c39b46c4776209bac1c03b1551bb67fd0299ef05c3c1d9495ab3458971

  • SHA512

    360e7fa4f9386f5bf040b530aa8818db6fd215625f5c4ef7220c51158213d57b8f0414cd70aa01009c1fa6cb8d69013b5347ffd9895d1b711f6f03a120180a98

  • SSDEEP

    49152:Qoa1taC070d3lNXQ06waW/ZxIeEPYblM9Q7bV:Qoa1taC0MltQHw5Zx8UlM+7bV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d68f12aa65d08e0acf6781e5252de32c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d68f12aa65d08e0acf6781e5252de32c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\4E6E.tmp
      "C:\Users\Admin\AppData\Local\Temp\4E6E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d68f12aa65d08e0acf6781e5252de32c_JaffaCakes118.exe 568AEDDD12959E661EE6D896ADE947836438B0FF7922B3452528B1F2B15A38A73F60C2A14DDB8E188EE70D47EC77F08CA4A7428ABB5F455A9F5FEF105AE55D37
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4E6E.tmp
    Filesize

    1.9MB

    MD5

    0e04558cd9a321f1c138bf3ec34e2ca3

    SHA1

    a195be95b8ef05503de264624e38fa4ab8a79127

    SHA256

    c192ccc77504d74ad2dac168e58e407ad872b5aed7de26a0f14182cf96744912

    SHA512

    5005a72f413be271f28a77aa4ca7369f6f752fa5519e3d87d8133fb732d50df9d72e35326dda37b048542d882c038979aa2f569c09b9e1585058d4c0a776100f

    Download Submit

  • memory/1656-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2236-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download