Overview

overview

7

Static

static

3

f871756d97...18.exe

windows7-x64

7

f871756d97...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 17:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f871756d97cc66023d96170ee89d762e_JaffaCakes118.exe

  • Size

    4.2MB

  • MD5

    f871756d97cc66023d96170ee89d762e

  • SHA1

    30c3af6d2648aa178f516b7ee0cad79e4b56f5af

  • SHA256

    7298af2742cd947aa567266112718b5a13f40c78c08a8ceb4eb98e48f55e64e6

  • SHA512

    ea21f61f1c72c618f500730c7b49afdae4ace0085f9e6b0b59a7281d9aa2a9059452f77e2500a168f927bd2417440a213fab237c9f61c91590ccba4865833696

  • SSDEEP

    98304:emhd1UryejosAfj1rb8rNVLUjH5oxFbxCVLUjH5oxFbx:elDoB1rbgNVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f871756d97cc66023d96170ee89d762e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f871756d97cc66023d96170ee89d762e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\9E33.tmp
      "C:\Users\Admin\AppData\Local\Temp\9E33.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f871756d97cc66023d96170ee89d762e_JaffaCakes118.exe 22A1999BDA87B21D995B6AADAB42ACA267B0836D50CEEECA08663D42EB2B2C10758C21E43BCBC566B70B1A02880736741E782800CAA93397D5295C996CFDD7A5
      2⤵
      • Executes dropped EXE
      PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9E33.tmp
    Filesize

    4.2MB

    MD5

    cb8f881d9a618dd9d0c552bd74b7c187

    SHA1

    0804f6ad13e5765aeba54c2a414c9ef5136b19aa

    SHA256

    f315c48a1c26654279553efbd2cf7cbe70e08f25047a4f9286432616fc83ff85

    SHA512

    b2cc6b1575b3a83aa18d8766a187db4bfb9c276445884cbd2b74a5cf66309584a8d2074e3b467508fffa34a37fb07b61515164b862bcdcb33973e14b0bb8ff6e

    Download Submit

  • memory/2500-6-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2852-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download