Overview

overview

7

Static

static

3

f27b198ab0...18.exe

windows7-x64

7

f27b198ab0...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f27b198ab0a9a51672fd190fc7678680_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    f27b198ab0a9a51672fd190fc7678680

  • SHA1

    e467444f17701799a020cea0b499e1e0efab3d00

  • SHA256

    9651a9eb5a35cff01ff27270c0aa17ee81168f93333829a2daead4016eff2de5

  • SHA512

    9b1a71ca41b99ac12419bcb7f153e2f948282f1781b45a8ef5d80445f63a01f5184381a8479910c76576369816780016d1f884504df84c932bb61fdb4e557154

  • SSDEEP

    24576:qKeyxTAJj7PZFK30B3I9ILWDdhVL0OOsImM/UqMoNcaRqg:qKeyRAwEB3w7DOZmmUqjqA7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f27b198ab0a9a51672fd190fc7678680_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f27b198ab0a9a51672fd190fc7678680_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files (x86)\hfuxkkx\qaxbxwccgxai.exe
      "C:\Program Files (x86)\hfuxkkx\qaxbxwccgxai.exe"
      2⤵
      • Executes dropped EXE
      PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\hfuxkkx\qaxbxwccgxai.exe
    Filesize

    1.0MB

    MD5

    772c5696a4fe6388fcb2141c2d4cac46

    SHA1

    3c51bfc1a564216edcb6d08800096678d73e8fd0

    SHA256

    821defcd2ad62a9cc522439767821d014b174036b462f07956e93d0e64ecb0fe

    SHA512

    c2de9d39b233f649a350ed5aa70fc7b02c9e0bd9b0f6aab6691c54d074e10343dc939ce4e2c0451782cf05a00d101eba1497ff5b43a4cc6d13651ee443348981

    Download Submit

  • memory/2204-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3008-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3008-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3008-4-0x0000000001D70000-0x0000000001E04000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3008-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download