Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/04/2024, 11:23

General

  • Target

    03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe

  • Size

    214KB

  • MD5

    03243df606a97ceb8387d195586fd0d3

  • SHA1

    110df681b6d8dd363413d32ee9665bc83f84b0cb

  • SHA256

    1fd12643b4bec117c69f4f29049e4ce6a64a6e75dbe3be16050fb907fabffa70

  • SHA512

    c68e50c1cc4e9dbda1e500413653aba7fb0305d479ad076e51e0e3dfd0fa1da7198b64cf16f75329fadaa79fe60a1612565fb96742b150571820ab2745cae8ee

  • SSDEEP

    3072:6N43tke6NUoXbeYnKAlpCU4XRvevYX+Fgc8i1Oo8AknXc:65e6NXb+AlYlh2vYXYx1zTyX

Score
7/10

Malware Config

Signatures

  • Cryptocurrency Miner

    Makes a network request to a known mining-pool URL.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe"
    PID: 1700
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe
      PID: 2496
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      • C:\.Trash-100\ActivateDesktop.exe
        Command line: C:\.Trash-100\ActivateDesktop.exe
        PID: 1812
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        • C:\.Trash-100\ActivateDesktop.exe
          Command line: C:\.Trash-100\ActivateDesktop.exe
          PID: 2280
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\.Trash-100\db\framework_exe

          Filesize

          19B

          MD5

          665009c6d258a06e710ff8c7810f4697

          SHA1

          abf7abc9bae75e5323a12b1d58336dfe0fd58e22

          SHA256

          98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

          SHA512

          a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

        • C:\.Trash-100\db\version

          Filesize

          4B

          MD5

          d1f06d78c49ae2f50ed110bf71b14d5d

          SHA1

          8ca74d6eef7042f622d54ea46b02bf8fb2ae6a23

          SHA256

          51d239245d52c440a2f92d91ede542a232891f54834c05241ac00ab6981b12d7

          SHA512

          2dd27aa4a4cf8d4e79593b6875ef83d01463e3b5c73def34208ee787a693bdc485587a9c2532c43bbe5e486d39943c2d2521130e93ebaaacdf9cbdf0c8c7b0be

        • \.Trash-100\ActivateDesktop.exe

          Filesize

          214KB

          MD5

          3ccf114db59e1efb5a5168cf12142fb2

          SHA1

          dc42d452f46f3576a30775943539dfd5d0eca482

          SHA256

          916584a07a04019a60789e07effe03758f47c36e0aec8292d188503938c889ee

          SHA512

          8678d02633d24c572e0487802c63c5dfb2c76fc41e17dd8f8a910458255b1216d2b95c08eaf3fed4905b1002b4613368e11923bdd3b5e5f5d37af7382a223f15
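The process tree and the dropped-file hashes above are the two things an analyst would turn into detection and verification logic. The script below is an added example, not part of the sandbox report or of any tool it uses: it transcribes the SHA-256 values and the `C:\.Trash-100` drop directory from the report, then runs two behaviour checks over constructed Sysmon-style process-creation lines (Event ID 1 field names) that mirror the report's process tree. The `explorer.exe` parent of the first process and the PID 1234 are assumptions for the constructed lines; the report does not show the root process's parent. The "self-respawn" check flags a process whose image path equals its parent's, which is what both the sample and `ActivateDesktop.exe` do in the tree at the same step the sandbox flags `WriteProcessMemory`; that shape is consistent with process hollowing or self-injection, but the report names the API call, not the technique, so treat the flag as a lead to confirm in memory, not a verdict.

```python
"""Triage helper for the behaviours flagged in the report above.

Added example, not sandbox output. IoCs are transcribed from the report;
the log lines are constructed to mirror its process tree.
"""
import hashlib
import re
from typing import Dict, List, Optional

# --- IoCs transcribed from the report ---------------------------------------
SAMPLE_NAME = "03243df606a97ceb8387d195586fd0d3_JaffaCakes118.exe"
DROP_DIR = r"C:\.Trash-100"
KNOWN_SHA256 = {
    "1fd12643b4bec117c69f4f29049e4ce6a64a6e75dbe3be16050fb907fabffa70": SAMPLE_NAME,
    "916584a07a04019a60789e07effe03758f47c36e0aec8292d188503938c889ee": r"\.Trash-100\ActivateDesktop.exe",
    "98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a": r"C:\.Trash-100\db\framework_exe",
    "51d239245d52c440a2f92d91ede542a232891f54834c05241ac00ab6981b12d7": r"C:\.Trash-100\db\version",
}

# --- constructed Sysmon-style Event ID 1 lines (not from the report) --------
# explorer.exe as launcher and PID 1234 are assumptions; the report only
# shows the sample itself as the root of the tree.
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp" "\\" + SAMPLE_NAME)
DROPPED_EXE = DROP_DIR + r"\ActivateDesktop.exe"
LOG_LINES = [
    f"EventID=1 ProcessId=1700 ParentProcessId=1234 Image={SAMPLE_PATH} ParentImage=C:\\Windows\\explorer.exe",
    f"EventID=1 ProcessId=2496 ParentProcessId=1700 Image={SAMPLE_PATH} ParentImage={SAMPLE_PATH}",
    f"EventID=1 ProcessId=1812 ParentProcessId=2496 Image={DROPPED_EXE} ParentImage={SAMPLE_PATH}",
    f"EventID=1 ProcessId=2280 ParentProcessId=1812 Image={DROPPED_EXE} ParentImage={DROPPED_EXE}",
    # benign control line: should not be flagged
    "EventID=1 ProcessId=3000 ParentProcessId=1234 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe",
]

# Key=Value pairs; a value runs until the next " Key=" or end of line, so
# values containing spaces (common in Windows paths) parse correctly.
_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'Key=Value Key=Value' line into a dict."""
    return {k: v for k, v in _FIELD.findall(line)}


def is_self_respawn(ev: Dict[str, str]) -> bool:
    """Child image path equals parent image path (case-insensitive)."""
    return ev["Image"].lower() == ev["ParentImage"].lower()


def runs_from_drop_dir(ev: Dict[str, str]) -> bool:
    """Image lives under the report's C:\\.Trash-100 drop directory."""
    return ev["Image"].lower().startswith(DROP_DIR.lower() + "\\")


def triage(lines: List[str]) -> Dict[int, List[str]]:
    """Return {pid: [reasons]} for every process-creation line that matches."""
    hits: Dict[int, List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "1":
            continue
        reasons = []
        if is_self_respawn(ev):
            reasons.append("self-respawn")
        if runs_from_drop_dir(ev):
            reasons.append("exec-from-trash-dir")
        if reasons:
            hits[int(ev["ProcessId"])] = reasons
    return hits


def digest(data: bytes) -> Dict[str, str]:
    """The four digests the report lists, computed over file contents."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_known(data: bytes) -> Optional[str]:
    """Name from the report if the SHA-256 of data is one of its IoCs, else None."""
    return KNOWN_SHA256.get(digest(data)["sha256"])


if __name__ == "__main__":
    for pid, why in triage(LOG_LINES).items():
        print(pid, ", ".join(why))
    with open(__file__, "rb") as fh:   # hash any file; this script is just a stand-in
        print(match_known(fh.read()) or "no IoC match")
```

On a real host, feed `triage()` the Event ID 1 records exported from Sysmon and `match_known()` the bytes of anything found under `C:\.Trash-100`; a match on the 214KB `ActivateDesktop.exe` hash is the cleanest confirmation, since the 4-byte `version` and 19-byte `framework_exe` files are small enough that collisions on their content are plausible across unrelated samples.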