Analysis

  • max time kernel
    94s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/04/2024, 20:53

General

  • Target

    f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe

  • Size

    3.5MB

  • MD5

    f1e70ce4621aeefd0ae9ad631686b1f0

  • SHA1

    5404481627cd85342cee4875e094ba805332ad17

  • SHA256

    2be4ad7322f8a48051cc91b96db389c330188748f4efb13e22f83820519fcd84

  • SHA512

    1a7079591991ea7cbee52cc0aebbac27efa07aac17fd4724dcc846d3e7f3d46728953ca5d110b24fbb5e600ddb1cd10686809d58f373e96b0faf5b7013b334d3

  • SSDEEP

    98304:I/qAVy4a/KMtcQmmYK9zKAc0MymmYK9zK:xvzTmmYK9+AcdymmYK9+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Users\Admin\AppData\Local\Temp\2460.tmp
      "C:\Users\Admin\AppData\Local\Temp\2460.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 3A3A856C2902248DBB8288CA7045CFDD919BDE8C8EEBC6EB9249C95096EEFC60299FA1E5C45DF860C6D0BABE0543567DAF8E45C8CFA1E152B19549CAFD7B8046
      2⤵
      • Executes dropped EXE
      PID:4684

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\2460.tmp

          Filesize

          3.5MB

          MD5

          7f51042155ed0a3339bda417156803fd

          SHA1

          af47f62fdb4f575fd0e29595e2478d2673eaabc1

          SHA256

          4ec90a229cc98bd37f4e79ef90f4069ad7990d819cb1ac5f60133f65a96ee3d4

          SHA512

          c977ed100da7261c5f6dce2c4da267223cf15c7b504a4adf479fe157b91efcbbec071958d86d763a4a972cd34fc2cc5c7a858d4411805fca723251200186cee4