Overview

overview

7

Static

static

3

2bb2d74df6...18.exe

windows7-x64

7

2bb2d74df6...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 21:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe

  • Size

    13.8MB

  • MD5

    2bb2d74df6aa50d8ae7fa443a9c93efb

  • SHA1

    8566b840efb8748ddf5de31d38076334f36dc673

  • SHA256

    8e6692456a14fd96a79b28192e3e493dc0214a76a3da5673b2146812a3c8aaef

  • SHA512

    38dbf7bbd07022a24dca26c362d0facb3777feab46463da1d95e9e1783d3b117953b8862e6a568f171cbb5aea44e8bc52d7b6c5e26212698a964f1093ab6cd5d

  • SSDEEP

    393216:zn5N1rsaqV8o4r1UTAC8wIlP1hvYuDdSEDXQ:znxsl4r4ACr+vYgv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bb2d74df6aa50d8ae7fa443a9c93efb_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\msetup.exe
      .\msetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2324

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\web\SPButton.gif
          Filesize

          833B

          MD5

          15294b0562636639c518c8404659969a

          SHA1

          b29d9902de59211d822613dc473f5ee25cb75de2

          SHA256

          08f72fcf8e9c53cb5ac8fdca2b8ff595dcdaab4e842a8ecbb293b4f84cfb8aa2

          SHA512

          84bfbc7b020796a3b18f6e83054080d7c2748dcfc4837089152f3285940d584fd6bf33128b7b1d8ddce0d3dcc89b8503bd50fc96016e26b03cf81a68d5e8996f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\WZS7790.tmp\www\nwimg\mail\surge\help_right_on.gif
          Filesize

          92B

          MD5

          d7274d6c85b87de453b3233a5708272b

          SHA1

          27b07a4567e9bb0a3dbbd281ad237b7e97f10728

          SHA256

          fbccec5ee8fa25e91cb44f23a3542f124636dfe75e1da59e843cbd5d357a913f

          SHA512

          7ff736bbaf0ca4a0289ae6a73739db0196e2745552d2a87517c251dd383225732477dedcd1926fe32fb43d815bb67933bcb3b4cba44feaa5f03a467f492a9fa8

          Download Submit

        • \Users\Admin\AppData\Local\Temp\WZS7790.tmp\msetup.exe
          Filesize

          1.1MB

          MD5

          3f8efdd583b6da69d2a992e1828c27a6

          SHA1

          ec25c15e446dc1e51d29cbe53c133a4212b86900

          SHA256

          c24dcf537c56dbf55481768768d1be6a3f15d71c01050d5b8b186a3dffd7b1d1

          SHA512

          3af13527a1385e89292a4119b4b0795ff05bfd36ff498dafece5b6444bb58d4a8d2378c146692b094ee3144f5865c0217b4b9e1d5c19381d08490b189be605bf

          Download Submit

        • memory/2324-2128-0x0000000000400000-0x00000000009FF000-memory.dmp

          Filesize

          6.0MB

          Download