Overview

overview

10

Static

static

3

f2e1c192c4...18.exe

windows7-x64

10

f2e1c192c4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2e1c192c412aa3ca221b366b3b610aa_JaffaCakes118.exe

  • Size

    237KB

  • MD5

    f2e1c192c412aa3ca221b366b3b610aa

  • SHA1

    b3f033a0c98d283178f856c3d2780a992fdca194

  • SHA256

    dfd7b02685603bb55ce570fe7c25d0b593e094cfdae6cfa52c75cbf941d8cd7c

  • SHA512

    1c790647199cd31efe164ae5a08ccfedb272689d0b743bf1b2a1f6393ebf025be2e151175e53e92f9c9fa90dbf8ba6aa0675d770a4712c64c0395e60061c3e70

  • SSDEEP

    3072:umPWUitOGy3owSFz4yQY1QxaYR+yCfzjCGZfup2e/kiA0ofI4HJMLjFDLUyaDQYQ:FhwwYPKAYrCnDZf8k0r4glLjHr5/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\f2e1c192c412aa3ca221b366b3b610aa_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\f2e1c192c412aa3ca221b366b3b610aa_JaffaCakes118.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3616
        • C:\Windows\explorer.exe
          000001C8*
          3⤵
            PID:4576
          • C:\Users\Admin\AppData\Local\98be3bf7\X
            193.105.154.210:80
            3⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4292

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\98be3bf7\X
        Filesize

        41KB

        MD5

        686b479b0ee164cf1744a8be359ebb7d

        SHA1

        8615e8f967276a85110b198d575982a958581a07

        SHA256

        fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

        SHA512

        7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

        Download Submit

      • memory/3388-10-0x0000000001330000-0x0000000001338000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3616-1-0x0000000000400000-0x0000000000449FA8-memory.dmp

        Filesize

        295KB

        Download

      • memory/3616-7-0x00000000006A0000-0x00000000007A0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3616-8-0x0000000000400000-0x0000000000449FA8-memory.dmp

        Filesize

        295KB

        Download

      • memory/4576-9-0x0000000000350000-0x0000000000362000-memory.dmp

        Filesize

        72KB

        Download