Overview

overview

7

Static

static

3

fa84c0b18e...18.exe

windows7-x64

7

fa84c0b18e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa84c0b18eb70b51587341f7cbca95ae_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    fa84c0b18eb70b51587341f7cbca95ae

  • SHA1

    9a458a38c040820a20233719885a6057d08ad29b

  • SHA256

    acf728759aec66fa4c6dc402d9aac817d0d82f4df946a461ea490f68d1fad931

  • SHA512

    0574604a7ca7502f63bc098ea3f2b0455d570244615e5913231eec71c273ab506203bcfb56e265138cd4eeae166a0b810c3796a925357ec9ba9830204ca964ae

  • SSDEEP

    49152:Qoa1taC070dq7IbGPXnqAam24Gy5xRNIL:Qoa1taC0UbGP3F4yzRNK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa84c0b18eb70b51587341f7cbca95ae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa84c0b18eb70b51587341f7cbca95ae_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\D77B.tmp
      "C:\Users\Admin\AppData\Local\Temp\D77B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fa84c0b18eb70b51587341f7cbca95ae_JaffaCakes118.exe 0B988F155CE6FA386FE419D635F2AEBB2C5AEBBCBDFA22DC266054E2C790AF8BCED0D67900A7C4BC8F6A5F9382984EB48F98A97A511F06BC2A078E5FF9391654
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\D77B.tmp
    Filesize

    1.9MB

    MD5

    6870836023b6e5b97c8482939e30131c

    SHA1

    9c16b85d6a26421bd961d897252a85d81989fbbc

    SHA256

    6961c4baf91848cae4806e7974c97c42d302793a21dc3e8ea6ae531741da608b

    SHA512

    8b66584d2dae61108687246ece0cb27e738586dad549b10f7f59c35f257dc5d1ef16445f779495240b5c25114022e332a8b20ded92047042000d6782221a0513

    Download Submit

  • memory/2140-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3016-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download