Overview

overview

7

Static

static

3

f7881b67cb...18.exe

windows7-x64

7

f7881b67cb...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7881b67cb0ab750a4dc34b752f519b6_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f7881b67cb0ab750a4dc34b752f519b6

  • SHA1

    a1c8cd373875300d19d9cfd29f08cb47ebf6501c

  • SHA256

    9fdcf035df1b6bc2cebb94646d949fab5136e3c0788af3989181ad8dbcbe3f22

  • SHA512

    9c1f916e7700c79b93dcefc3ff4e64c025dee34ddff55da88569f148a0a764f7ead6725226bda2aa2dd42382dda0c9e9e36139507e202e7541f87dbbe1d9fbbd

  • SSDEEP

    49152:Qoa1taC070dhHTkEbYmtwQ4obVvIRbNIvA:Qoa1taC0e4NIqRbNI4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7881b67cb0ab750a4dc34b752f519b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f7881b67cb0ab750a4dc34b752f519b6_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Users\Admin\AppData\Local\Temp\630F.tmp
      "C:\Users\Admin\AppData\Local\Temp\630F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f7881b67cb0ab750a4dc34b752f519b6_JaffaCakes118.exe C471B8094366A7F2E8BBDC846FF329F383B2535C8D84988AAAA108F52A4518130132393C018328869D62C0870D98246C4982FAC4F02498DDE4257CE8F4F3234A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\630F.tmp
    Filesize

    1.9MB

    MD5

    277dc377222f507162d6052f5083f544

    SHA1

    e0077a43261d3ec7df169cf40db5729623a9ddeb

    SHA256

    1835cff856c0aebef41059dac8426fdd01f78f9af6593a90baa7680699ae746e

    SHA512

    ed2b50c7a27f9cb6ef06048a579e010ede8c2dfcb3c804a6d92731906d8676b9928ae80b9177ec20f6b980cfddeda6ebd029d63d7d099bf823252bb7165241a1

    Download Submit

  • memory/2640-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4608-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download