8e371b943b7e1c7bf3c532636e97922d8f87611ab73f244421c6e14938e7df94

Analysis

max time kernel
137s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe
Size

385KB
MD5

f4bd4e58f4e5d550bb996e9fc1aa3477
SHA1

bb29a38fa04601efc7c42091b35778a6caf60537
SHA256

8e371b943b7e1c7bf3c532636e97922d8f87611ab73f244421c6e14938e7df94
SHA512

2d5da834500f47eedea47a3b797e68fb576320f741ca6d17383ee5102c964caa9b6a309e06c6caa2d6f586ee8b88457322c5274d2e13c850065653977d85dfae
SSDEEP

12288:9MJJQ0FWN9AZvYnCkLF16/Tl/R/jTK15ZMB:9d0Fw9ARwmHfKjZMB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3520	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
3520	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
2	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4868	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4868	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe
3520	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3520	4868	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe	85
PID 4868 wrote to memory of 3520	4868	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe	85
PID 4868 wrote to memory of 3520	4868	f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f4bd4e58f4e5d550bb996e9fc1aa3477_JaffaCakes118.exe

Filesize
385KB

MD5
b5adb1ebc31d3547ef2273b0fb15c619

SHA1
4a980fd40c22afee8cc1c186b3b38aafb24b7065

SHA256
3d7e43372fdea9c2dac3e94ae3038fadb773cc1bde376b82191cbeb385245123

SHA512
b6d69d1f137bc0dc94f8d6c3e3ac94472f3e55f15940de10e606b4220963fa57e261e35bf79adb13492b7f56769e7753c0fe79ff676875971bb4e3ced8ed7171

Download Submit
memory/3520-14-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3520-15-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/3520-20-0x0000000004EB0000-0x0000000004F0F000-memory.dmp

Filesize
380KB

Download
memory/3520-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3520-35-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3520-38-0x000000000B7E0000-0x000000000B81C000-memory.dmp

Filesize
240KB

Download
memory/3520-41-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4868-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4868-1-0x0000000000150000-0x00000000001B6000-memory.dmp

Filesize
408KB

Download
memory/4868-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4868-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download