Overview

overview

7

Static

static

3

fbe6793fc1...18.exe

windows7-x64

7

fbe6793fc1...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe

  • Size

    82KB

  • MD5

    fbe6793fc13ef35277380421c76d2d84

  • SHA1

    a2d222a41cd0506826abdf0b94bf460ab17702a7

  • SHA256

    c4915b63e86fd23767a87b09e9d68be2dd41b60666702a8fd2370a3518d6b5dc

  • SHA512

    c280085017104a4aa3594de61b124a2dd93870efbcb7a36e3c5dc6548426ba4f6aec8139effdc90b543c4abc7a3f4d7c6e29efd8df1299cdd248e10e6a72750c

  • SSDEEP

    1536:whuDQwFpMbtF2lSPNrIfZbd1b4X79X88Ls9tv8t4f0A3b8WIE:w8ppwilSlrwZbPb4L9qP0MGE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Users\Admin\AppData\Local\Temp\fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\fbe6793fc13ef35277380421c76d2d84_JaffaCakes118.exe
    Filesize

    82KB

    MD5

    05cea708a20b2cd0cc3e0c55a2c51088

    SHA1

    a70e88ac573ca2ce06b9450a50b808f41c3e7b68

    SHA256

    4d9f3d9dbddb305efe50d2f56a1c14d7a14a721443af388b2f490f5387ecfe20

    SHA512

    9efea5c8d65503609749b8a6fab22bc5ae21d330f68333b29ec8f05a53bad79be67b06e988e632ea68ada432f20e8dffe386b6a5f36fc81eded8c32962e0dd5e

    Download Submit

  • memory/2496-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2496-17-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2496-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2496-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2892-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2892-2-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2892-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2892-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download