457c8cb330efbb8a462697c96f275f7231b677cd6c97a466563511b25821e048

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 02:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe
Size

385KB
MD5

ec772e3d12c03a490481f8683905703d
SHA1

b2c54cff054eaa0b4735609d02a7e4d168fb4385
SHA256

457c8cb330efbb8a462697c96f275f7231b677cd6c97a466563511b25821e048
SHA512

d10190f632b1bd36b2970bd5a54ea569d3f3f67d5852fbaff12c26a15720806d38fefb0ce2d79faff873f07951794d50d1458119f765a72e83f3502ef1918e39
SSDEEP

12288:hDiMoUppJ0lgNy2ro4cFC63XEKHuni/7B:BgUnJhk2KFCwEKHuiTB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4664	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4664	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	pastebin.com
8	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3152	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3152	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe
4664	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 4664	3152	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe	92
PID 3152 wrote to memory of 4664	3152	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe	92
PID 3152 wrote to memory of 4664	3152	ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe	92

C:\Users\Admin\AppData\Local\Temp\ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Users\Admin\AppData\Local\Temp\ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ec772e3d12c03a490481f8683905703d_JaffaCakes118.exe

Filesize
385KB

MD5
da9764df4ecada9b7f8afb4aa52ad31e

SHA1
6d73efee6ebe975e6ef2ea0971643cf3b28b8482

SHA256
b585999b87fc384d0871b4e99f3bbd6f84875bb6ec34a003fc731b28883990b8

SHA512
569f9ba129f09e285067f557e4a0e8d05954afe3e68ef2d4f145b7b6a3dea3b3d2fd22f736430815219f8892b6d7491d558c4a26562c6b531bfd8f064a360da3

Download Submit
memory/3152-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3152-1-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/3152-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3152-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4664-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4664-14-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/4664-20-0x00000000015E0000-0x000000000163F000-memory.dmp

Filesize
380KB

Download
memory/4664-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4664-32-0x000000000C840000-0x000000000C87C000-memory.dmp

Filesize
240KB

Download
memory/4664-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4664-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download