Overview

overview

7

Static

static

3

f529148f8f...18.exe

windows7-x64

7

f529148f8f...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f529148f8f73ee9157a8ce0d671bb6cc_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f529148f8f73ee9157a8ce0d671bb6cc

  • SHA1

    bb571017af09a9a067a7fb9e7fe82d1a4f59a30b

  • SHA256

    fa0e9fa10f7918bd2607114c4c8c9398a28bb67c21923735bf1cabf8111ac21a

  • SHA512

    8ace6f38c5db1b9630e82c56ede6a38686e99365f3164016986a13f9f6dd29ac9a046b05124acbfcd54f821a87fab8046b90c13734cab6d45bcd81d2addd5bf7

  • SSDEEP

    49152:Qoa1taC070daSBDQw38NMpxXy+OnLb/vQKRZi8+:Qoa1taC0bqDQ5N4xXy+OnL7QKZiP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f529148f8f73ee9157a8ce0d671bb6cc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f529148f8f73ee9157a8ce0d671bb6cc_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Users\Admin\AppData\Local\Temp\74B3.tmp
      "C:\Users\Admin\AppData\Local\Temp\74B3.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f529148f8f73ee9157a8ce0d671bb6cc_JaffaCakes118.exe 8B0AA999034E0A0D40288B13F11B31242D3C702692D3E3CE7416ACF2B8BCF19A6AEFC8B4BC6BE8EADD39377020746242DD6586FD0D3CB566A4D9DFA8518C4A3E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\74B3.tmp
    Filesize

    1.9MB

    MD5

    9ea5613b22d308b4d03e2dc87078a38e

    SHA1

    ec61e9feddfed019cf45a2b68c826070be585364

    SHA256

    6a7db185b5637cd88c7b41131cab301e94ed98ad87e48ea470a488b36c6fe615

    SHA512

    fbc2980e442e8380a960699a215519462a00bc507f03b7757f5586aa294bc4596a3b91cb27f970bc67147447bf829b4a85835572b271acfca6f2b98e4889ad9c

    Download Submit

  • memory/2368-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4472-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download