Overview

overview

7

Static

static

7

10660987d2...18.exe

windows7-x64

7

10660987d2...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10660987d2359d92a5a1102e4697eb02_JaffaCakes118.exe

  • Size

    98KB

  • MD5

    10660987d2359d92a5a1102e4697eb02

  • SHA1

    9de843cf2d8597b49a204bcb451e3a545b943995

  • SHA256

    c6a04ba55a2a140878b0ce575c6212748b4a55b0a0449b3f8ec0c4b350f217ab

  • SHA512

    61373c2c5b6ac29cbf629accba35fa585162b037e5eecbf4e822b4ce7190e6a5a2e12f1e30725571922c27a1763d201405efc8703aab5b6963d5c4680b882b91

  • SSDEEP

    3072:Dcp2VlGicx6STryuCrBbrj+ZhPo2oBjyAoutJ5vo:Ip+Gicx6SH/CAZONYAoSJ5vo

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10660987d2359d92a5a1102e4697eb02_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\10660987d2359d92a5a1102e4697eb02_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3600
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:4772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Downloader.log
      Filesize

      1KB

      MD5

      ffd7af8bfcaeb2ebae5b0d356dd3fa64

      SHA1

      186edc7fe220e81988b41403bec9cb20e7c6b5b1

      SHA256

      e670fbcd16234682f649fcf5d2d7b6c90a7c4368b66a272e0b02e9a64d504c3b

      SHA512

      04fb73adbcdd695b7e72a5cf130c8c9147ab16a9111af6c93297b28b8eb1a5b08e13e26232bdfc105800f89dd166b01f941a91fb2acf63de6512747e2e7d7d20

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Downloader.log
      Filesize

      4KB

      MD5

      5d511b5584cbcc1cfcb52b9230b60425

      SHA1

      7d112af0f29dd28f5e51b0a13b870bcbf023896e

      SHA256

      d44cb474d305220a1c6a89eda3cc942737695f9dd358382fb63dac19ddc1d0b7

      SHA512

      2a233b63ca48c30c739857d03ba81d63b49e146d2fbc68223bcb258938ab1e53638f9a1767746607331e16df2ae1019b9ab00a94fe3b9dedd24016d1ecacb97d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hd.vbs
      Filesize

      245B

      MD5

      d8682d715a652f994dca50509fd09669

      SHA1

      bb03cf242964028b5d9183812ed8b04de9d55c6e

      SHA256

      4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

      SHA512

      eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

      Download Submit

    • memory/3600-0-0x0000000000AC0000-0x0000000000AFD000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3600-38-0x0000000000AC0000-0x0000000000AFD000-memory.dmp

      Filesize

      244KB

      Download