Overview

overview

7

Static

static

3

f641873cab...18.exe

windows7-x64

7

f641873cab...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 17:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe

  • Size

    82KB

  • MD5

    f641873cab10ac6e1e4dfdb177fac44b

  • SHA1

    fedbac3ae3f9ae83d34728de7873d7a85ece225e

  • SHA256

    597d190e9cdd079c2b4f9f5d83ff16bf67efb0e8f7e827ad445e72aeeae64073

  • SHA512

    1226ccd5155f6683a30ece47c72dbdc26a49cca794d39558f9121d695280da30f616e2b392930ea1327e6367a2d8d9b7b3adb1dc4c214caa8dc5f65b607e99ff

  • SSDEEP

    1536:rzKPeHxeoO3V2jzNrijXi0trcgzQd85alsMqu8bpIvDeBt41Ikwj4v:pYYXN+jXiUrUu5aWMq5AeWeg

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Users\Admin\AppData\Local\Temp\f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1940

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\f641873cab10ac6e1e4dfdb177fac44b_JaffaCakes118.exe
          Filesize

          82KB

          MD5

          af6efae60948011ed1980c6886222a11

          SHA1

          966c9a3630da94c574d5d4e4cd695626363e632c

          SHA256

          ee58681526cc129f43327c8eb7cdc889be914f5ca0a8bb422a75da2f0e3546f6

          SHA512

          db6ffbe1bf9ef813282db7d3f91b76a1d71b296961c9480a26ef76998d5fadea40cae919f934cb033616ede21f85113dc704ffa8d905671130b5bee339c416f9

          Download Submit

        • memory/1940-13-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1940-14-0x00000000000E0000-0x000000000010F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1940-20-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1940-25-0x0000000004DB0000-0x0000000004DCB000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2788-0-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2788-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2788-2-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2788-11-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download