Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
20-04-2024 07:20
Static task
static1
Behavioral task
behavioral1
Sample
fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe
-
Size
82KB
-
MD5
fc39e67a065a3fcc4a50efee2acbd2d2
-
SHA1
b336c465f405d7831814c3b2f5fe76d4602b97ba
-
SHA256
aed1f62ea048aee8c07966680b63c0413c322acd6e639af69ae7dbeb205bddea
-
SHA512
3f517f746103c333089e947a680a331e9b5dd4e47080f67ec3eed5f25d977dd07ff98bd94b74fe7de843a3e2673aaa67a95abeaceaa1d432d5ffcbaff13bbb52
-
SSDEEP
1536:l5NBHlQUqdBP/BTicXMqejJFmfqeDj4T6sL2Xl5xF4eyrza:LHlQjjSJIfqehsL0X0i
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1684 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 1684 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 4536 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4536 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe 1684 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4536 wrote to memory of 1684 4536 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe 85
PID 4536 wrote to memory of 1684 4536 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe 85
PID 4536 wrote to memory of 1684 4536 fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4536 -
C:\Users\Admin\AppData\Local\Temp\fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\fc39e67a065a3fcc4a50efee2acbd2d2_JaffaCakes118.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1684
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 be21966db4a526c3ce20c4aff89fdd5f
SHA1 b323aa2bf16da8360a6fcf310f80c33f57c36992
SHA256 2b9416403ce9ba91379c80edd7825fd9fe2c7c3db8f376cded58e4a67caef940
SHA512 76c22ff683346c3ca31cdee777517cbeee7c91afc3db5652843239a29abfc61345da914e1f0b4e7b376ca700c8b7df8040d3df0c95cf54b27709457cd75beda4