Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-04-2024 07:49

General

  • Target

    ecec8023f18a464c2190c3ae00a63a30_JaffaCakes118.exe

  • Size

    402KB

  • MD5

    ecec8023f18a464c2190c3ae00a63a30

  • SHA1

    cd8ae8fd15ba1f739271e290bf46c8857b952986

  • SHA256

    96bb950fc0d8f6c356b764ce7172b43ff32533d14a75dbca747166482fc0f9f6

  • SHA512

    37b8974e9009fc5937bb1ccbaa51e07eb4eba2b4a60b4e4b790d668b086fb8b6e8a72f413d3d33d3922f5fabb46090bb1e369ccd05881b39d6c7cdac94fe567a

  • SSDEEP

    6144:5Jb4WHEZCnjxT0ysj/1VQOMRswYAvq88Jv5hUwCyqz5DBA0kpw7F1f6iizM:5mYjJo1VAbYACFv3U3/z5kpwT6iiz

Score
10/10

Malware Config

Signatures

  • Expiro, m0yv

    Expiro (also tracked as m0yv) is a multi-functional backdoor written in C++.

  • Expiro payload (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecec8023f18a464c2190c3ae00a63a30_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ecec8023f18a464c2190c3ae00a63a30_JaffaCakes118.exe"
    PID: 2756

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2756-0-0x0000000001000000-0x00000000010FB000-memory.dmp
    Filesize: 1004KB

  • memory/2756-1-0x0000000001000000-0x00000000010FB000-memory.dmp
    Filesize: 1004KB
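An added check that is not part of the sandbox report: before applying this verdict to a file you hold, confirm the file's digests against the four listed under General, and sanity-check the memory-dump names before pulling a dump into a disassembler. The script below is my own example, not sandbox code. It hashes a file with the report's four algorithms in one pass, lists which digests differ, and parses the `memory/<pid>-<n>-<start>-<end>-memory.dmp` naming used above to recover the mapped region and its size (which should come out as the 1004KB the report shows). The `hash_bytes` helper and the `b"abc"` style inputs it is exercised with are constructed for illustration; the digests in `REPORT_HASHES` are copied from the report.

```python
import hashlib
import re

# Digests copied from the report above; the sample itself is not included here.
REPORT_HASHES = {
    "md5": "ecec8023f18a464c2190c3ae00a63a30",
    "sha1": "cd8ae8fd15ba1f739271e290bf46c8857b952986",
    "sha256": "96bb950fc0d8f6c356b764ce7172b43ff32533d14a75dbca747166482fc0f9f6",
    "sha512": (
        "37b8974e9009fc5937bb1ccbaa51e07eb4eba2b4a60b4e4b790d668b086fb8b6"
        "e8a72f413d3d33d3922f5fabb46090bb1e369ccd05881b39d6c7cdac94fe567a"
    ),
}


def _hash_chunks(chunks, algorithms=tuple(REPORT_HASHES)):
    """Feed each chunk to every algorithm in a single pass; return name -> hex digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Hash an in-memory buffer (constructed helper, handy for tests and small blobs)."""
    return _hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it whole; samples can be large."""
    with open(path, "rb") as fh:
        return _hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def mismatched_hashes(computed, expected=REPORT_HASHES):
    """Algorithms whose digest differs from the report; an empty list means the file matches."""
    return sorted(
        name for name, digest in expected.items()
        if computed.get(name, "").lower() != digest.lower()
    )


# Dump naming as it appears in the report: memory/<pid>-<n>-<start>-<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Recover pid, dump index and the mapped region (start, end, size in bytes) from a dump name."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"region end {end:#x} is not above start {start:#x}")
    return {"pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


def size_kb(nbytes):
    """Whole kilobytes, the unit the report uses for Filesize."""
    return nbytes // 1024


if __name__ == "__main__":
    import sys

    region = parse_dump_name("memory/2756-0-0x0000000001000000-0x00000000010FB000-memory.dmp")
    print(f"pid {region['pid']} region {region['start']:#x}-{region['end']:#x}: "
          f"{size_kb(region['size'])}KB")
    if len(sys.argv) > 1:
        diff = mismatched_hashes(hash_file(sys.argv[1]))
        print("matches report" if not diff else f"differs on: {', '.join(diff)}")
```

Run it with the path of the file you received as the only argument; any algorithm named in the output means you are not looking at the sample this report describes. The region size comes out larger than the 402KB on disk because the dump covers the mapped image, not the file.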