Overview

overview

7

Static

static

3

ddd1a0fdf4...18.exe

windows7-x64

7

ddd1a0fdf4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/04/2024, 06:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ddd1a0fdf47e7a654b602a7f84752f6e_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    ddd1a0fdf47e7a654b602a7f84752f6e

  • SHA1

    660037009395ecddcfb3ef8e4896e0eb8ea643dc

  • SHA256

    0ca3bce5436b2c19d1102b8b9c71f664593151f91eb389420b460be2908c93d2

  • SHA512

    976dac417f3274d8abe114a3092e4aae8b8a16238efe08db7b78e103741675ed4a914027d2082b78ce4812d4a92a383d8f6f50c2d8bfedf88dd0496d5dbd287c

  • SSDEEP

    49152:Qoa1taC070dM4eZMS+cDWBS5aO1nNniSO:Qoa1taC0pdZ2tqaO1nY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddd1a0fdf47e7a654b602a7f84752f6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ddd1a0fdf47e7a654b602a7f84752f6e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\5580.tmp
      "C:\Users\Admin\AppData\Local\Temp\5580.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ddd1a0fdf47e7a654b602a7f84752f6e_JaffaCakes118.exe 5F43E94A87CBD52FE7AE1479865B4B9C43DB6C1CBDA95A117A79DE0A47FE6E797E6574C160D5BCCF877C7C27177C769E79CB7245EDBF0674E0D0DE8EF6A21F50
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:628

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\5580.tmp
          Filesize

          1.9MB

          MD5

          3d472c7da90170cdbd97a18c3d427a41

          SHA1

          dfc50e45be7dcccd2c64639ebf67ec8bbb9d9ad4

          SHA256

          376e41cf45130c66d6b8705304ea5b08bcd7acc4dbe73fae64d1d9207ad1db2c

          SHA512

          6fc4403c9935a1a312d250135539ae0ec332449230ceb86c02b74ac74e7d4aedd3df027e582fba2cb68e80c7c1ca5ebc468137f81ed5d19a3cc9925941c2c492

          Download Submit

        • memory/628-6-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2028-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download