Overview

overview

7

Static

static

3

ff6f88e1c5...18.exe

windows7-x64

7

ff6f88e1c5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff6f88e1c58f5d69b4db83b5502e144b_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    ff6f88e1c58f5d69b4db83b5502e144b

  • SHA1

    76bd47b56d68128fe882bd3b8c81fcfc8eb38e12

  • SHA256

    0ee6a8a31a41e2d9dae7c8b3ef29c13ec61a3348db279c50255dd3129ee6968b

  • SHA512

    7d6cc8386b719722727e5504be5f78265672f2bb994abfc18a0fc01803bc1a2d5962f82144537e6f4d2719e9e48f2a222ff2d73577e43b57d5532e409aceb613

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dtr1eKihbOlVntMnMiL5J7nUUJbMKZBQjCMXV:Qoa1taC070dtJniheVkM4Ru2Ml

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff6f88e1c58f5d69b4db83b5502e144b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff6f88e1c58f5d69b4db83b5502e144b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\5F46.tmp
      "C:\Users\Admin\AppData\Local\Temp\5F46.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ff6f88e1c58f5d69b4db83b5502e144b_JaffaCakes118.exe 31E22CA81F6C766011246DF85496F357611DED701F71FACDCF4D3BBE785947F5CD4D35A8E81423266A89F82B32ECABE5DDC0AC31078401F890522E6600839EB1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5F46.tmp
    Filesize

    1.9MB

    MD5

    8710fbe7910e1b67d7a34b64074f0f46

    SHA1

    0c7afefb3c914ec18c439495ea28ca052aa52558

    SHA256

    3ab1c7297fbce5e54a64ee3db569d357b0af71394d7b1ac5b07a8889ce3ca21f

    SHA512

    dca3761f678bbc2c3d878aef92c6b3fbe84414ddb45f7acaf739ffd7350de07acf588d6de2469e9ef5602c497ea385f4d19dc544ce60424c9fe3222bbea0dc1f

    Download Submit

  • memory/2216-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3912-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download