Overview

overview

7

Static

static

3

f72cd0640c...18.exe

windows7-x64

7

f72cd0640c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 03:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f72cd0640c712ca174e862dbd94a0818_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f72cd0640c712ca174e862dbd94a0818

  • SHA1

    0f71b0337fc08d11608d0c00fafa7e92012ef927

  • SHA256

    8f1bc3f609112653b049a51b61976e0e1b86b79de219839372ec830663714b23

  • SHA512

    4df182e2c638f61154ee9c5e83f1d1f9e3f07f437b80b495d2224167f3a2a21bd597d4a6bfe9ea4dc70079e62202c749aca70194649ba5dd707a63fff4b4b395

  • SSDEEP

    49152:Qoa1taC070dq68CMUiH1CppdK6S1ouS5kJdj:Qoa1taC0OJK1CO85knj

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f72cd0640c712ca174e862dbd94a0818_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f72cd0640c712ca174e862dbd94a0818_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Users\Admin\AppData\Local\Temp\7743.tmp
      "C:\Users\Admin\AppData\Local\Temp\7743.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f72cd0640c712ca174e862dbd94a0818_JaffaCakes118.exe A2A780083C45572FB766633E09D9C49F767D5E1F522DC7823C63971393843294468D3E26AA9E6D8661D31AA4D96FFF476C437A950585139E5B24974E109063CC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:476

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7743.tmp
          Filesize

          1.9MB

          MD5

          ebcafc26221f707ccf2d7de0229f2a35

          SHA1

          b9498fc675167ae7bdc8ebcda4e4663efe2afd09

          SHA256

          f787872f94ca7bad51c98d6b8c8a81263d86b4a721100d8cb706ab2663160c5b

          SHA512

          4245ec316468eb31cbfa2efdbbc7b1252617ab6aa4a7a2d38f2775a5b08e51df9dd494096f1d35395c7d8acc880dee40cfe1371f02e3fb463c5d4040f645e967

          Download Submit

        • memory/476-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4076-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

          Download