Resubmissions

08-05-2024 17:36

240508-v63xpahh27 6

08-05-2024 15:41

240508-s4smtsea68 10

Analysis

  • max time kernel
    1s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    08-05-2024 17:36

General

  • Target

    258c60b279a8debef184b5c01766604f_JaffaCakes118.exe

  • Size

    280KB

  • MD5

    258c60b279a8debef184b5c01766604f

  • SHA1

    011f5dda5f08ac9f3ec5723ce3d54ad738f8a367

  • SHA256

    20a58ef0190c09058cef8c973a92a39a1aa125a350cd47e381d44937983274a9

  • SHA512

    50d90c2eedbf941d6e38ab8274b11654bcf8b613c8aa03ba10fcc9a4ef29551ed88f47d21bb12c11648e7524a8d1fe73c11e0c8864d01b8c9fe0773952e5c313

  • SSDEEP

    6144:72j756oaGYq2ygcOCJPExIn52TO18L63E4xK:yj09ygcOQZ5iO1u38K

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
      2⤵
        PID:1428

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2656-0-0x0000000075051000-0x0000000075052000-memory.dmp

      Filesize

      4KB

    • memory/2656-1-0x0000000075050000-0x0000000075601000-memory.dmp

      Filesize

      5.7MB

    • memory/2656-2-0x0000000075050000-0x0000000075601000-memory.dmp

      Filesize

      5.7MB

    • memory/2656-6-0x0000000075050000-0x0000000075601000-memory.dmp

      Filesize

      5.7MB