Overview

overview

7

Static

static

3

f154e82e93...18.exe

windows7-x64

7

f154e82e93...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 14:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f154e82e931b7a4a2a3be34a4fd92abb_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f154e82e931b7a4a2a3be34a4fd92abb

  • SHA1

    d78a452e99eb779716fb425b55fea27bb63d627b

  • SHA256

    4213f83f911916d1897dbb264b08ecc2e25fd8b31a40f2e22aa87a0bf3f398c6

  • SHA512

    8f13d39dec1e2d5fa0bf5bd2bbbfbb7cde00ce4ad1f4bacb9c0dd0a34603bff58143a384ee89f06309acb453dc184b85a552c1832a58b9ad87ae0cda324abbb0

  • SSDEEP

    49152:Qoa1taC070dbTVXyNOThLBQwzz0ZKo50eNI:Qoa1taC0g0M/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f154e82e931b7a4a2a3be34a4fd92abb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f154e82e931b7a4a2a3be34a4fd92abb_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Local\Temp\5A74.tmp
      "C:\Users\Admin\AppData\Local\Temp\5A74.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f154e82e931b7a4a2a3be34a4fd92abb_JaffaCakes118.exe 9296C4F98E2A5BCF34B7C9C9B4E132CD54A4A242124DCBA64D0952919326784DC156150B6296486BF392D1EFA5BA3111A25B9FAD1ABBE3D27C2948B003E5048E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5A74.tmp
    Filesize

    1.9MB

    MD5

    a72ed2969bd26a4b07208a056ac6695c

    SHA1

    cf63a4149080876b6fb30793ec3e74980a94ef6b

    SHA256

    dc63e50062c634d2e1bb19d2f6eed0792e6024ffafc733e0df17ef0cf982cde5

    SHA512

    c30fdf506ddff5c624d4190af7d728a8f9ef7197da7955869a41788d1e30d48a05fcc67aa894ba9b8dbac985abbdda7f45da8a74197e20e768ea4b3a7abf8070

    Download Submit

  • memory/372-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2280-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download