Overview

overview

7

Static

static

3

fe100933ce...18.exe

windows7-x64

7

fe100933ce...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 01:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe100933ce73b34723ea5f48a35a2547_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    fe100933ce73b34723ea5f48a35a2547

  • SHA1

    89497e494e332ed94dffe23dde6217ff4e43ae71

  • SHA256

    de1888c8a05570a5ef225dc5c197b846d688ae41ad914365506caa2731573272

  • SHA512

    ae73dfe84adb0f00047eeff37e298730e51ddfcaaf119d48044c72b1ccc0dff04507cf5111eeeb5bc7f6e5411fd268339ab0468bf11e297faa876595b40c4e99

  • SSDEEP

    49152:Qoa1taC070d6hnryxBBOHmhXEbgQHi21ZW:Qoa1taC0zhE3OHmFToD7W

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe100933ce73b34723ea5f48a35a2547_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fe100933ce73b34723ea5f48a35a2547_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\93A8.tmp
      "C:\Users\Admin\AppData\Local\Temp\93A8.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fe100933ce73b34723ea5f48a35a2547_JaffaCakes118.exe 640F428645CCA55CFA26EF66D2A1769D8C0C535EE6A284A7CA2BBCD7FB26EB2F02D395CF77DD9FB38F55BEB91539C0C835FE03E0EFB5D06E92B6E7FA9E8D36F2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\93A8.tmp
    Filesize

    1.9MB

    MD5

    8e53ba139c1eb12781ba07b907b836f6

    SHA1

    b09f65a35cf52407d12394bb4008c9969175ec49

    SHA256

    5bdbb490ed97aa47f5e0eeb20c9beec51b3910aebdae63d44c68f4a91e08d9d6

    SHA512

    fe1064c36cb343e24fb7903d495f81290a76cd28de5e86203fb3e88fd098aaf853a397536d27f21d047dc9db1b50adaed476bda9bfbe1b5fc8ed1812af339fd6

    Download Submit

  • memory/1308-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2760-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download