Overview

overview

7

Static

static

3

ecbf4ca3a1...18.exe

windows7-x64

7

ecbf4ca3a1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    11/04/2024, 05:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ecbf4ca3a13f0b88d3f47397bd6c7387_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    ecbf4ca3a13f0b88d3f47397bd6c7387

  • SHA1

    e63664449fcf50e744b6048c3f46137798a11556

  • SHA256

    111d6499dd1e96785368e67fcf7e7d1585358e96d5f25627ddccd8eae89458e8

  • SHA512

    6f02058a0139437c90bb659d211a4f65d0046ddd8eba047392117acaf3f70c4880b9b54529080dbd298c98314d3ab67ac18872058ffc096a4391f438d798af3a

  • SSDEEP

    49152:Qoa1taC070dpct5FogyM47RDMB507YGWhise9q8Q:Qoa1taC0iwolM4iBy8GWhisCm

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecbf4ca3a13f0b88d3f47397bd6c7387_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ecbf4ca3a13f0b88d3f47397bd6c7387_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\11BC.tmp
      "C:\Users\Admin\AppData\Local\Temp\11BC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ecbf4ca3a13f0b88d3f47397bd6c7387_JaffaCakes118.exe 12266D2C88350B678AD9D1C2BD912E45FD5E55A4B64BCE19C6775B31F8E7D9A152C2980373E0FDC5BBEA224F2819716E754E71C4E69ABAC5FBBAD1BAD885EDC1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\11BC.tmp
    Filesize

    1.9MB

    MD5

    759bcea4458fbf0e41fb32580d7f116e

    SHA1

    37f0dda738ac5c6602265d1dfbbfa4f81a2cdac5

    SHA256

    a77f52ed591512e767ba3b8a3f00a172166e76f65d910c8b23b8aaec138407e4

    SHA512

    d91c0f1765fd3b65d9161d6b303848ec5d67dfeddf979716569e73ba8f4aaeccf8f675c966e818ef8164c0b8bcc570eff6c88c622b1d112d2c777c9fc6fb03c4

    Download Submit

  • memory/2952-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3040-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download