Overview

overview

7

Static

static

3

f5cd84f2e4...18.exe

windows7-x64

7

f5cd84f2e4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f5cd84f2e448a2a6469d22eb07d4fa18

  • SHA1

    ec9d47c1434d200a0c6af17d5efe5158255774f6

  • SHA256

    06b73b2b2b36c03717b865eb2e73b8420b8d7114502f46f0a9fe7b0bfb34c750

  • SHA512

    67422a09845e27c36af4036593cead5b624b8429897633cbf85fad0c356f943963deb273a9ee93b11c1e231b436a26274cebc72a780c70c440743c0b3d385d5a

  • SSDEEP

    49152:Qoa1taC070dwulLpi/dCKP2iu+phtsPgyr7oipIux:Qoa1taC0MlLpudtAqtC7f

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Users\Admin\AppData\Local\Temp\39BD.tmp
      "C:\Users\Admin\AppData\Local\Temp\39BD.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f5cd84f2e448a2a6469d22eb07d4fa18_JaffaCakes118.exe E8F602C15B31899EBB407DA5621FAF01B982EE8236CD87AFBD73DAA2B7D2016A970E34271B53288A5FEDE9FEEE9462CE62ADAB96CFEC79DAC82256A00BE5DC8F
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\39BD.tmp
    Filesize

    1.9MB

    MD5

    841573931d9707fa6a25277f01518399

    SHA1

    d0188cd75ab6cb001bc87831df85ee8eb6b9cb32

    SHA256

    060da14a2b8da343be9ba79f7f666231d6cf99ebe447a5edf3d642f971e0ed5a

    SHA512

    50b73ad503d0fed67dbd87f7b674f377fe7477931d8cd2bae11d51d9bb641396104e64f5e90caa3dd53597fdb421055ee137c8dfb11ddd380c6ff980f7934657

    Download Submit

  • memory/772-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2324-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download