Overview

overview

7

Static

static

3

e96d4eddec...18.exe

windows7-x64

7

e96d4eddec...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e96d4eddec55d5ad1d5ae58a3d77476c_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    e96d4eddec55d5ad1d5ae58a3d77476c

  • SHA1

    5c9907e6c240d101142f2127c3f799dae8586c66

  • SHA256

    893fc7ad3ab997ffecc20caa473af9eea1396a311383bea4a90c3200ed4a90ac

  • SHA512

    6af1e0b37353acf624b2316756b7c46c39b59dbd885f5686f4b5bc5e8bc69e78538ef4eb5c2d2b69b5f40d5aac337a452e2b20a3e9f6d1faca020da58ac5c12d

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10drihDHK36tU+DyDfuRpK7zUnDswWC9U2lgZXC:Qoa1taC070duF4adsMQrgRgZan/ByoUK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e96d4eddec55d5ad1d5ae58a3d77476c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e96d4eddec55d5ad1d5ae58a3d77476c_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Users\Admin\AppData\Local\Temp\472B.tmp
      "C:\Users\Admin\AppData\Local\Temp\472B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e96d4eddec55d5ad1d5ae58a3d77476c_JaffaCakes118.exe DFB61FFC74AB4AFD1CEC61BD2DC7A7CFBDC8D4990B7D31A386470F0C97FFB4DA5A0A7294415F03458D07CA5712970BA0680C9CB7A562A8601F1B19FE27784285
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\472B.tmp
    Filesize

    1.9MB

    MD5

    e188eb0679f0bd6d9b04ce890727ff82

    SHA1

    b80b95c3c4343cc42ff3222283c96bd884ba08a0

    SHA256

    1154d06310e55a6baf3e7b2dec5d74ef1d1592ef2bc1ebbb032239ca77be5b28

    SHA512

    27e9a5214d34ac387984a3eec586bb96b2e617ca7d38cb30b24c18b50eee77c82e8a1efc3e84eba7d58c1538eec94c64dcb84b0563cd28be0c9a628fde60dd39

    Download Submit

  • memory/1424-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5044-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download