Overview

overview

7

Static

static

3

dce1145eeb...18.exe

windows7-x64

7

dce1145eeb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-04-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dce1145eebb32337c82af50db942d4be_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    dce1145eebb32337c82af50db942d4be

  • SHA1

    02e716229f504dcdd7f00535754c99b6f2bb58d3

  • SHA256

    d66a8c2d4ef95ae125d7d6c1fc98d003b374d96d5f6e83204d6d544dcfbd80db

  • SHA512

    22539553d81396476b8c8a90e949e8fa06645a6250e6beca2e05a55c950a5199d3f19500813a5c518bb389d59ab883b8afe04e6ccb12e7ce9624b88e772066bc

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dOWPQOJKY9gofixTvzli68WKFjEewcUtsnj2z:Qoa1taC070dOWP2TvpXKFjMcUtjQ2d

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dce1145eebb32337c82af50db942d4be_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dce1145eebb32337c82af50db942d4be_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Users\Admin\AppData\Local\Temp\2F9B.tmp
      "C:\Users\Admin\AppData\Local\Temp\2F9B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\dce1145eebb32337c82af50db942d4be_JaffaCakes118.exe 1A0DE5499A0998C5B5089B183D5114DA4BDBF117829B24F8421228A5823C4F6CEF4A87B8F13F637CA022BD8377670412990B14210FE20796BDF4496EA46FB0C2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2F9B.tmp
    Filesize

    1.9MB

    MD5

    2dbc4c28c7ad1ae001389474e3367a48

    SHA1

    f1c196e9da820819c2b62e58db86297a6fbfb548

    SHA256

    e791ee0b1443d167aee1156bbe624de9666f1a13715fdaab408ba1f91df66418

    SHA512

    60857d8cc6357a244d3ac67746e748e4de353bd84660af48e6937de16ae9f08646aa227b58cb448079ecb5520131185c05f6b8cfd38ae2bd7c86ba91da2d4fd6

    Download Submit

  • memory/1788-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3140-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download