Overview

overview

7

Static

static

3

f4f08150a9...18.exe

windows7-x64

7

f4f08150a9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 03:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe

  • Size

    385KB

  • MD5

    f4f08150a94c6333dc0acbc5cdeea1a5

  • SHA1

    5bfeb461415720da5bf996f9a3270852e1281f4c

  • SHA256

    7b9c76c111ca5352c87297376722200a5ff15f643a91565976a5262be4b32bd0

  • SHA512

    6fe059885e2a657de36f5c9d50847e16c20c240b7e596a778592d107fc923d7c2bf4cd6effb146ff5eef9dc99ba5d15051963d44d557b773c06a806819af4065

  • SSDEEP

    6144:zhF9gUzjmJS43cZYbFtUk+KmWmyzrhbxD/qjBAynSBP8EINFajYRedqQuHuiFTdi:zdb+JZcWrhbJqaMdfs9BApJSnB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3724
    • C:\Users\Admin\AppData\Local\Temp\f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1552

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\f4f08150a94c6333dc0acbc5cdeea1a5_JaffaCakes118.exe
          Filesize

          385KB

          MD5

          dc0ae96f86adf68b08d4f4aabdf75315

          SHA1

          a9070561dc7fb7b4ae0af3e3eca0ebcd0564260f

          SHA256

          7d63b090525add85b6ede53c794a6193b3a420ac355c844fe8b66570d409f7f9

          SHA512

          c11a1b45c22645147209817a8a07a8b9bc92df1e71887a69352ba25eb149d089b8de85902367869c2c4b72d57b0326a59d9f811f87efe2eb4d4aadd118d83303

          Download Submit

        • memory/1552-13-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1552-15-0x0000000001470000-0x00000000014D6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1552-20-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1552-23-0x0000000004EA0000-0x0000000004EFF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1552-36-0x000000000E860000-0x000000000E89C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1552-35-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1552-41-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3724-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3724-1-0x0000000000140000-0x00000000001A6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3724-2-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/3724-11-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download