Overview

overview

3

Static

static

3

e77c73f3e7...18.exe

windows7-x64

1

e77c73f3e7...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e77c73f3e7fa401921f0ef0c9ee36c45_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    e77c73f3e7fa401921f0ef0c9ee36c45

  • SHA1

    90f91b78e5216456e4a47412c69229a577390948

  • SHA256

    34a5a59495dd199f8a47fcdf9ae4129168734aaf98d5bdda98b833d8baad005d

  • SHA512

    a7f5b8f2db6ccc9126547bcfec4601160c9e93700b0ae91d1629bb13c28ba28c4428bbab26f26895f0ca73aeb1103f84910a44cf7cbc58b05b10db7d9eccda09

  • SSDEEP

    49152:GqIIbwjOGjcSi3QeM8P0O649Mn26QQuvrDG4qM9qNo25LK:RIeceO2en27LnGLM9qNjLK

Score
3/10

Malware Config

Signatures

  • Program crash 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e77c73f3e7fa401921f0ef0c9ee36c45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e77c73f3e7fa401921f0ef0c9ee36c45_JaffaCakes118.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2244
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 336
      2⤵
      • Program crash
      PID:3532
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 868
      2⤵
      • Program crash
      PID:3088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 872
      2⤵
      • Program crash
      PID:4948
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 884
      2⤵
      • Program crash
      PID:1664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 892
      2⤵
      • Program crash
      PID:1208
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 844
      2⤵
      • Program crash
      PID:324
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2244 -ip 2244
    1⤵
      PID:4916
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2244 -ip 2244
      1⤵
        PID:2132
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2244 -ip 2244
        1⤵
          PID:2432
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2244 -ip 2244
          1⤵
            PID:2240
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2244 -ip 2244
            1⤵
              PID:1588
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2244 -ip 2244
              1⤵
                PID:1176

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/2244-0-0x00000000009B0000-0x0000000000C42000-memory.dmp

                Filesize

                2.6MB

                Download

              • memory/2244-3-0x00000000009B0000-0x0000000000C42000-memory.dmp

                Filesize

                2.6MB

                Download

              • memory/2244-6-0x00000000009B0000-0x0000000000C42000-memory.dmp

                Filesize

                2.6MB

                Download

              • memory/2244-16-0x00000000009B0000-0x0000000000C42000-memory.dmp

                Filesize

                2.6MB

                Download