Overview

overview

7

Static

static

3

fdf0ad2020...18.exe

windows7-x64

7

fdf0ad2020...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    fdf0ad20201f8a97d0866c6abe04c5cf

  • SHA1

    e1cc57f27e8feefbdb041eae6d20572faeda2274

  • SHA256

    9b6fc2bfcc0e103268c694549d11542127a16c6957bc4e2fcad8a307924062c3

  • SHA512

    564b1b6bc40a11b62b1be564cc6a1497967aa7da2c0f78b61a3917d3c349c787b788cb3ad7a939a91250fefe5ebc5058cf4333b021709509278152d7e0d3ca4d

  • SSDEEP

    49152:Qoa1taC070dIP/QAM/n1mavNqf+37zkaFodos/DoDFN:Qoa1taC0//QAK1RVbzk/dohDv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\2D88.tmp
      "C:\Users\Admin\AppData\Local\Temp\2D88.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fdf0ad20201f8a97d0866c6abe04c5cf_JaffaCakes118.exe 75D5020C23904EEF41EB8B9406AA016CB2DF4F898FFF9ABEB3BF1ABB417665950D4BF77722828BCE8F36B1E231D8542BC0660120D62823323413BAAA30B57973
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2D88.tmp
    Filesize

    1.9MB

    MD5

    ea2a31cdf6bfd9e41b02df2dcdc6dbc8

    SHA1

    8b70e42e01cf2087b866bb683f301f92b583173e

    SHA256

    77f2b4f428f5a344f6f38238394e52913a1286490fd462d152c7a7fb3322e644

    SHA512

    faa73ee45eab0b4330c8254313565e684c8b34ae6fd0931640ea3ad77ca905f58778c26a904592a8a7c597ea168e311a59165ef9d4555084b03c2037fed96eb4

    Download Submit

  • memory/1948-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3092-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download