Overview

overview

7

Static

static

3

e2bce52203...18.exe

windows7-x64

7

e2bce52203...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/04/2024, 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2bce5220388aff770b76c338528f063_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    e2bce5220388aff770b76c338528f063

  • SHA1

    ef95bfc9e0f9bcdda22ff813ada39c78ea52dcda

  • SHA256

    d463e4e41cbe575523ae4522151a1dc9bd2f6105767bc1dd2314e3a88402a7a7

  • SHA512

    09a51b8ca6985ca2f62802858a1f546f2dd0b05727ffaef2299c7b3ed58d5db6508d0c65c7e96f15e113def5057725bc52bfffa7a2945e1a6e9d582ad9b98fc4

  • SSDEEP

    49152:U75oq6ubQax43catLHHV06fi1lqOFOOCdkayiUGtHMDY5WtvykbUL0u:05oJuM08bq1laOCdkayi31MDoWtvykGt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2bce5220388aff770b76c338528f063_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2bce5220388aff770b76c338528f063_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Users\Admin\AppData\Local\Temp\is-CULNG.tmp\e2bce5220388aff770b76c338528f063_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-CULNG.tmp\e2bce5220388aff770b76c338528f063_JaffaCakes118.tmp" /SL5="$800E8,1688274,70144,C:\Users\Admin\AppData\Local\Temp\e2bce5220388aff770b76c338528f063_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-CULNG.tmp\e2bce5220388aff770b76c338528f063_JaffaCakes118.tmp
    Filesize

    709KB

    MD5

    03f3169c140c3f526ddfec00c6c1a56f

    SHA1

    445884b1e9483ce1f99c23a6ca3fad0858310bb9

    SHA256

    28bf9cc16e975c1b5ad3721ea4bc0a06feab5d1cac558dc265542620a6e79e2a

    SHA512

    f613bd90624b0f261c21113610ef8b652e3f1360436720d972ae1a6a29a8133060bfa03f7f0edbd7f45b054f76b13301168fee7d56eb5f4cfd23adeebd84b7ea

    Download Submit

  • memory/1092-6-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1092-9-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/1092-12-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4632-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4632-2-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4632-8-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download