Overview

overview

7

Static

static

3

fb4e97fffc...18.exe

windows7-x64

7

fb4e97fffc...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 22:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb4e97fffcec9124fea75fa0474637f1_JaffaCakes118.exe

  • Size

    77KB

  • MD5

    fb4e97fffcec9124fea75fa0474637f1

  • SHA1

    ed85876d34d85fe7d80cf93cb80823573bc2d7e2

  • SHA256

    4c4de8749c5f52e3ae95921bdd3f5142b3a5bd53ae101d33b15a006117a6a097

  • SHA512

    577ec5e56068ca55c6b35c448deace1d9b9c02f423ff1932a87c3a05427bf500afca3fac4b566a15dee1226507e28c6535f7b1cb1113c8f8d70f664a610f32a3

  • SSDEEP

    1536:T71q+1QTyimXNJlizBKKBafzYID1fJKcvfiVqstjhX07TISGQlaAs/6nQFQUd5O:r1uyXXj+7S8ID1fnavt1E7TEQkAs/6sl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\fb4e97fffcec9124fea75fa0474637f1_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\fb4e97fffcec9124fea75fa0474637f1_JaffaCakes118.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2984
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c clear.bat
          3⤵
          • Deletes itself
          PID:2148

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\clear.bat
      Filesize

      118B

      MD5

      c04d217ccee80b979cafa5f420607b2b

      SHA1

      a347cf779b0d34f42e52c5262d222a62cc6d9b00

      SHA256

      1286f1a5415c5e9b3e7215cca2e1fe48b7dafeb7b33cd54455a28001cffe11c3

      SHA512

      ae51e11ebe621db4caa14294bcc4ddd562954e720784aae3f0ff46bda1f3625e3c34c89353b965385c7ca547c307410cd9d435d86ce78409da1f9f1a2593c938

      Download Submit

    • memory/1212-0-0x0000000013130000-0x000000001314A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2984-10-0x0000000013130000-0x000000001314A000-memory.dmp

      Filesize

      104KB

      Download