Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-04-2024 03:55

General

  • Target

    f73545dc67c662cb29ce4ee9d8575267_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f73545dc67c662cb29ce4ee9d8575267

  • SHA1

    4e9941a584dc7a58afba7d13cedb812198cc626d

  • SHA256

    746aca85027170e18e2b5aa6c56489378cb9ec816dcded77d97916ccbc347e2c

  • SHA512

    2e4b88d0d41d69001555d22fb9a390bd13b3a86a7cb0a9884a3c710efdb0d6450bae2e90a64337d5348f21bd3e57e94c8236e3acfdfaf49ffeac7492044be0c4

  • SSDEEP

    49152:Qoa1taC070dVRf7cev/bYYMGLtY1cYDd5oVsn:Qoa1taC0sRf7dXb9LWt5oVsn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f73545dc67c662cb29ce4ee9d8575267_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f73545dc67c662cb29ce4ee9d8575267_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Users\Admin\AppData\Local\Temp\84B1.tmp
      "C:\Users\Admin\AppData\Local\Temp\84B1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f73545dc67c662cb29ce4ee9d8575267_JaffaCakes118.exe A13ACB7BD5F742B60C4736B5ED8AAC20923BC63A0A825EA9E7AECEBC96A01B176BD2E0D3DA63B1DA9D9BDE1A15946A1E6FAF7FB5428442E58E819B0749E63E71
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2136

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\84B1.tmp

    Filesize

    1.9MB

    MD5

    2c4556fb4d130664d5105926c206accd

    SHA1

    861a4ea1111a765a21ba403efb34c118d1d58ebb

    SHA256

    5a7d9b1952c689718c21737ada3a0afb8ca42d37fc0065a3457785079626400a

    SHA512

    3f56855334aa4b9555f3af2141b5634d3cf384c918fa328df1c294df94f65d4bf171c3b64d9fbb497c62102e7b1134931434b389ce861c602751d10d154cdab2

  • memory/2136-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

  • memory/4164-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB