Analysis
-
max time kernel
93s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
16/04/2024, 18:58
Behavioral task
behavioral1
Sample
f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
-
Size
2.7MB
-
MD5
f41e23b9345d4a24054495a857f456ef
-
SHA1
9492bdaa1852546cef01b8df79715696d25c9acc
-
SHA256
0e308c2c82bf47fef7b15dbba75c962af1a188159f938bdb457b206005a09751
-
SHA512
a91cc2accf7a0fd49a4b9a94be14f9cc09f95c10b5b3a8b5889b3a60102a165e9d642ff9cd1d9967939d7746969696fcbde78dfa7221104664ff3afc09fae916
-
SSDEEP
49152:/PopIY2dfRYq2lAAFiUCJs+9KKAXtsI7hidahJQl6R7HQYzKf0jliaFD2hdUTp:HLY2dpgOWMqxhid48YMYzo0jlLSXUTp
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3888 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 3888 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe -
resource yara_rule
behavioral2/memory/2988-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x001c00000001e97e-11.dat upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2988 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2988 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
3888 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2988 wrote to memory of 3888 2988 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe 84
PID 2988 wrote to memory of 3888 2988 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe 84
PID 2988 wrote to memory of 3888 2988 f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2988 -
C:\Users\Admin\AppData\Local\Temp\f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\f41e23b9345d4a24054495a857f456ef_JaffaCakes118.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3888
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
2.7MB
MD5
fcb0b0dfe0675d9352212a7e41e98a5c
SHA1
a661b4629e7237139d24b1e930921f9afb76d163
SHA256
a81e1ccfba8e6f8192fb85cf89ecfb5309da3a97805ccd6c6ef9a64426b2a0eb
SHA512
c050e648dff313e2cb3d6a0b7d114101a959473903a22ad075a0923ae296da1707e4d294ac52034dd2ac881fd90d432c2bb45d815f8302d1f4226371392b5d4a