Overview

overview

7

Static

static

3

dbeade4b6a...18.exe

windows7-x64

7

dbeade4b6a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    115s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-04-2024 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbeade4b6a6e733c1d40e75a9d35077c_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    dbeade4b6a6e733c1d40e75a9d35077c

  • SHA1

    5be0ffaa4025ccf9b1e9b9c8f8806134e46bd3db

  • SHA256

    abf34fdddbe98f158f84191c896bd4ca55e5fb4fb1eff09353b250d5a076cd90

  • SHA512

    f6a3b82960298d63b3ee95b705fc488d0cbe9e830194e11c2ca7a28eb77ab49a5970305e522d1256afe373979f1838a1a4107f7328f53f3367f029633f1d1b3d

  • SSDEEP

    49152:Qoa1taC070d+aSQHaqatRcbl3ZfrrjTYWHQdtpCaem8Jw6:Qoa1taC0d92atSblBjTl8C7Jw6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbeade4b6a6e733c1d40e75a9d35077c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbeade4b6a6e733c1d40e75a9d35077c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\74A3.tmp
      "C:\Users\Admin\AppData\Local\Temp\74A3.tmp" --splashC:\Users\Admin\AppData\Local\Temp\dbeade4b6a6e733c1d40e75a9d35077c_JaffaCakes118.exe 16D4978CB80DA6757BB2749346EDD9C9B80199BE1C65C91670F7DB2F0E59C5739F0353B456429A85D2B3B02BB707869B41CC3913CB2937E1DD348CD354D82463
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3800
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2260,i,3303482231723870786,2954015409682154873,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4700

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\74A3.tmp
      Filesize

      1.9MB

      MD5

      1d2dd53587a7c7065f35f08a5eeb3585

      SHA1

      ce8837be83f0ec1d5f1cfb560f2a519f745ed33f

      SHA256

      035dfbc0a8fd814aefe51afca55bf71e9ea596d023a2e225704b8d2ee55181d4

      SHA512

      e316b9f18a567ad80198f918b7f73fdecc2824f03aa1de0e2292717de924001838537c5f9316de75f651c429976d2d135fb5de99841ab933c2d9a3da57a48a31

      Download Submit

    • memory/3800-5-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4392-0-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download