Overview

overview

5

Static

static

3

fec291dbdb...18.exe

windows7-x64

1

fec291dbdb...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 07:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fec291dbdbb628eb2613d98c30415ec5_JaffaCakes118.exe

  • Size

    147KB

  • MD5

    fec291dbdbb628eb2613d98c30415ec5

  • SHA1

    9af9b9a036b987ccfee3f22450a9a1c648ff3298

  • SHA256

    bef0b05defb998bb1295f2a02a85d887b45943b13fb105e831f997c085993762

  • SHA512

    66e5a25174e4f287ad7641056e5d8b5f26fc1b2257546286d92940c08a09366ed11c1fc813feb979917c64be9100fecfcf0217e7a2013f5385df87ba7d3f9c22

  • SSDEEP

    3072:RbXcpkQTa0rRoLJnePr/rLTkaxg2j9KdqjauaJJ8rszbi/3:RbMpkQT5rgcPHLfxg2xKsjau08rszbe3

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fec291dbdbb628eb2613d98c30415ec5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fec291dbdbb628eb2613d98c30415ec5_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3432
    • C:\Users\Admin\AppData\Local\Temp\fec291dbdbb628eb2613d98c30415ec5_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\fec291dbdbb628eb2613d98c30415ec5_JaffaCakes118.exe
      2⤵
        PID:4308
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 80
          3⤵
          • Program crash
          PID:4464
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4308 -ip 4308
      1⤵
        PID:4992

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3432-0-0x0000000000100000-0x0000000000153000-memory.dmp

              Filesize

              332KB

              Download

            • memory/3432-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3432-3-0x0000000000100000-0x0000000000153000-memory.dmp

              Filesize

              332KB

              Download