bdabb4bc5b1bf2146cd872eceaa4a8bd913d47090a43c1b512976f4f92e74e3c

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe
Size

385KB
MD5

e8cf43d66e162b3c2262d5e55cb5f7e0
SHA1

2fbab8d5fa1e0b19b273389365984c8a0220e48d
SHA256

bdabb4bc5b1bf2146cd872eceaa4a8bd913d47090a43c1b512976f4f92e74e3c
SHA512

f3dc8b64cca96f8f48cbf7e130bf4f33808c776dceda7a41ceaf472ece9d96cdeb5966ce047db555200e29cf75333d67e9908329b72f40630103111c949ecbdd
SSDEEP

12288:hVh02z5jl2RIImkfxOnwl+XNb5btxeV+8sB:hVTlOXcwl8bVeV+8sB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1048	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
1048	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	pastebin.com
8	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4280	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4280	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe
1048	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 1048	4280	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe	86
PID 4280 wrote to memory of 1048	4280	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe	86
PID 4280 wrote to memory of 1048	4280	e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Users\Admin\AppData\Local\Temp\e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e8cf43d66e162b3c2262d5e55cb5f7e0_JaffaCakes118.exe

Filesize
385KB

MD5
d8584451c0a7779fe88238c161a99bfc

SHA1
5ace69b6c8e8c61cc1eb99d537ad2a2552105a89

SHA256
5f5badac4cbe943d1e4257279769c755bf45e20da8ce9ef682612462a1918975

SHA512
4f339adcadcb804eb38f807402696498dc4624058dc200c892d44a55feae28730bef146f4d57e151d66e259923a689d79620b5b83f083e03d3fbf37350669e3e

Download Submit
memory/1048-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1048-14-0x0000000001600000-0x0000000001666000-memory.dmp

Filesize
408KB

Download
memory/1048-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/1048-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1048-32-0x000000000B7C0000-0x000000000B7FC000-memory.dmp

Filesize
240KB

Download
memory/1048-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1048-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4280-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4280-1-0x0000000001600000-0x0000000001666000-memory.dmp

Filesize
408KB

Download
memory/4280-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4280-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download