Overview

overview

7

Static

static

3

f4ba4438f7...18.exe

windows7-x64

7

f4ba4438f7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe

  • Size

    907KB

  • MD5

    f4ba4438f741c7904ad3e217e6cc0567

  • SHA1

    95833afa8adf1493b3db5eb426f884fdc394b63d

  • SHA256

    129cfeea6c9324bfbe64ad8d0ce79c9b16510c72eb1dfcfd9be358002609e564

  • SHA512

    a1ac9c2dd744a307075656aa65295e0665f9dd872c44ad830ceb040188156a6db5c817e69c96426e390e8ee19064b06e01240eb5ecaaa49bdeeabe61f6b81742

  • SSDEEP

    24576:kI+J+EIyx2diS17+slyGdajtMt0bmTTTaKT6ta/ZS1:khxqrlyNE0b6XogS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\f4ba4438f741c7904ad3e217e6cc0567_JaffaCakes118.exe
    Filesize

    907KB

    MD5

    b1fe80046f9f839e383010172b4c8604

    SHA1

    5fc8297ee0ef5e7df64090253a0d0ad4d12aa60f

    SHA256

    7425395fb3b2e93d2d4f374142c28ac3e846a150f21ab7b7bfed85316f5d3b01

    SHA512

    377cada5fb0c94ae9bf6b8f9076876fcdccd34e4d375a90669faf68a92dfcdbd933c0e9a36c2100137a90ce4a7c60ba035b35ec09ce3568c147ee42df33ccd59

    Download Submit

  • memory/1992-19-0x00000000002F0000-0x00000000003D8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/1992-22-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/1992-24-0x0000000002F60000-0x000000000301B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/1992-44-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/1992-47-0x0000000009990000-0x0000000009A28000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2204-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2204-2-0x00000000014F0000-0x00000000015D8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2204-1-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2204-14-0x00000000031C0000-0x00000000032A8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2204-13-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download