Overview

overview

7

Static

static

3

e9ec38879a...18.exe

windows7-x64

7

e9ec38879a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 11:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9ec38879a71d192da890016766f32f7_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    e9ec38879a71d192da890016766f32f7

  • SHA1

    7037e33347148e53984ce996e9563151dfea1ee7

  • SHA256

    05e69c815fc28759d3d7935b90692fccea9350712f959f096f8ad2ce5dca24e8

  • SHA512

    f3c8f006770cf18facb721eab4f4cc08635fcfa1a629ad5993d08c8cf29a502c68c414c1c1722b837b11d1eaa25aef33f375dc9911533569593ba6ad0bc97c0b

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIg0ana3xkXehNkw+sHE5lj8rp8yV/HbYlb:St9SgLNZa6xILanKcezcsHE5lgrN/HY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9ec38879a71d192da890016766f32f7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e9ec38879a71d192da890016766f32f7_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Users\Admin\AppData\Local\Temp\6CD3.tmp
      "C:\Users\Admin\AppData\Local\Temp\6CD3.tmp" --pingC:\Users\Admin\AppData\Local\Temp\e9ec38879a71d192da890016766f32f7_JaffaCakes118.exe 24462DA3351F120B4218F000137C44673B82CB3BA27E3CBF9EA367875A1D70C850AE4492669515C493C6EFA7928C64D9D33EC1D63377BE4E6ADA04C17D2E0D3A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6CD3.tmp
    Filesize

    1.1MB

    MD5

    3342f26d18a93fbb9b5b6f0a0a6d616f

    SHA1

    7bf55e790da79130e109c8993abf23209b3723ac

    SHA256

    f7dbd96a590eaf894d4332ec928860d9f26c56d6fae2bd3e83c680c5d7fdea70

    SHA512

    9e022916160ad701f88705d7cf23561a2e2abcca9584d8dc5e931115dda50c4b69798c3da80f0995cdf9cadf0e6b4312c2b29740de35cf95175407b8e24f9934

    Download Submit

  • memory/364-1-0x0000000002A00000-0x0000000002A50000-memory.dmp

    Filesize

    320KB

    Download

  • memory/364-0-0x00000000009A0000-0x0000000000AE5000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2452-7-0x00000000024E0000-0x0000000002530000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2452-8-0x0000000000390000-0x00000000004D5000-memory.dmp

    Filesize

    1.3MB

    Download