Overview

overview

7

Static

static

3

f975ceaaed...18.exe

windows7-x64

7

f975ceaaed...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-04-2024 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f975ceaaedd7e6bf57b545fc4fd5111f_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    f975ceaaedd7e6bf57b545fc4fd5111f

  • SHA1

    6836ac98e3db88d65445eaa120cb66fd94025fb9

  • SHA256

    c7dbd6a0d656ec1f250fbd1a43a4d41b2cd25ab96af303765d1051cc5d796042

  • SHA512

    538f6b9bbc72271785e966e5ba2ccb5eef79e4a0ad5ee7f22341439234b5dd3c5be1410c6c529834e7bb640a83d9f1fe44525f3d7446dcd1aa645e20b4687f68

  • SSDEEP

    49152:Qoa1taC070dKAm7mkMXfk0DhNfcilgAT1+/S:Qoa1taC0LwkMrDhRQ/S

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f975ceaaedd7e6bf57b545fc4fd5111f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f975ceaaedd7e6bf57b545fc4fd5111f_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\6E69.tmp
      "C:\Users\Admin\AppData\Local\Temp\6E69.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f975ceaaedd7e6bf57b545fc4fd5111f_JaffaCakes118.exe 2B849D69F44384B97BCB8DEF752DCA9FFA535E08D349568A5C452EF0C29F0E315756FE300B87D2C59C6EDD2D5387545F3D3F7CFA8C8D1458458EA3399FCF2BFE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6E69.tmp
    Filesize

    1.9MB

    MD5

    1b333444e0f1273e6983e0014fe7f317

    SHA1

    70409f96b6ae7f71548918a552426a0c503cbb8b

    SHA256

    65bb8254f36b02187db7ba7ac96b07e348ba8e296e2bb1ee028f99e6a7ac0e62

    SHA512

    828d9d0aee1467eb3cd68f467dc496345d4cb26ea9bfed6a945d1fb7ac7bd7f453fc2b1010461eba3ceacb6af7e54ab4477c5cabfd70187581f6737776fbc782

    Download Submit

  • memory/2656-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3032-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download