Overview

overview

10

Static

static

3

f603264ee8...18.exe

windows7-x64

10

f603264ee8...18.exe

windows10-2004-x64

7

$PLUGINSDI...cz.dll

windows7-x64

10

$PLUGINSDI...cz.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe

  • Size

    291KB

  • MD5

    f603264ee85d737bec54e57115dd162e

  • SHA1

    5fe32dcfa44dd2fe53c67eace5bf9a8381ba9b0d

  • SHA256

    4f449dcfc6f1a34508e8cadf4c681960820abd57309946baedb7b0f1c6644602

  • SHA512

    344323303c477f10716966fa25c22b725f89bc73325378cf61ac8ad83478518379e4c35088a28fb8969a0576e7ea9aab236217ebfc3cd589ced250c1c171fb98

  • SSDEEP

    6144:wBlL/cw1ewowIpj+BMeM73RxW+LeEaBEs4i12WNesyAsqQ9PR99:Ceae1wBMX7S+LeHEk2WMsZiv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Users\Admin\AppData\Local\Temp\f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\f603264ee85d737bec54e57115dd162e_JaffaCakes118.exe"
      2⤵
        PID:1816
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 1012
        2⤵
        • Program crash
        PID:3584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 3944 -ip 3944
      1⤵
        PID:4208

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nsd423A.tmp\zqwdycz.dll
        Filesize

        30KB

        MD5

        b2ac7f18c76b6104e99389f24cd36856

        SHA1

        cfcdbe385c7460a10902fc97f4861ebafc5f4f1b

        SHA256

        013997b08f68be3675e38ef8e2c7bd58d7eadfea520d9cb1a520a0c1f195f5b3

        SHA512

        138d388f727522c70d8d6feb3497536ef3871287f3b55e746e6d2af1831dbc0ff13fcb044271353f3b40914901c0fcbe6d4a1ae483ca6654a94ed41283fba1db

        Download Submit
      • memory/3944-6-0x0000000074FF0000-0x0000000074FFB000-memory.dmp
        Filesize

        44KB

        Download
      • memory/3944-9-0x0000000074FF0000-0x0000000074FFB000-memory.dmp
        Filesize

        44KB

        Download