Overview

overview

7

Static

static

3

f957273318...18.exe

windows7-x64

7

f957273318...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2024 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f957273318be9a0f105a05c83f5fd6f9

  • SHA1

    00f1bfe4854a00fc1dfb589c860d3794ac1690b0

  • SHA256

    ee7263acf0b6c883170d73c355c4f51694407c45bf6cb698543a447366ae3e61

  • SHA512

    1a0d2b13b05b42e95b25683d5eac81dab5dd9f3725b1617b6bb45d0f0bd1a1457c7ed12ca6b73c19f2cd0eba6f2fd90924d3986cf8eeb27339e381df5b88d267

  • SSDEEP

    49152:Qoa1taC070d6suGPtIBqgH+05w8NhCX2k9:Qoa1taC0onP3o+0u8NkGk9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\166E.tmp
      "C:\Users\Admin\AppData\Local\Temp\166E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f957273318be9a0f105a05c83f5fd6f9_JaffaCakes118.exe 842C0B973336171D1E24072D634C169571599FC1E8881B3D482543838464238F8C7CD51CD05181EC6DD686B82CA85D64B955A772BCC216C89B1997922EA595E1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\166E.tmp
    Filesize

    1.9MB

    MD5

    32f9e4b7f91b4ee30c98afd92a1d1d3a

    SHA1

    b8e80a8bc4ec1bc6fe6887fee748cd652f999f41

    SHA256

    b3f38b7ab79a1891266fce8da96fa9300c63147553e92a95b241b2ea800241fe

    SHA512

    d5479e88d82b50f5d81cb7154e9f5475fc988dc37bc58a47d902b5264c5b54c2f978b1a970d09104777d6ba77876c0c13492ca86598b954d16787ba0bf2dfcec

    Download Submit

  • memory/2856-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download