Overview

overview

7

Static

static

3

46d81f44d7...18.exe

windows7-x64

7

46d81f44d7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.exe

  • Size

    858KB

  • MD5

    46d81f44d72c65c57d58fbf5f4c215ae

  • SHA1

    e087283ac6f64651e21180b0aff64b01ae9bdb3b

  • SHA256

    d291dd4f154bf58bb390ba65cef3a4418628635ed8797931c9a5bdef474d1ea6

  • SHA512

    f21eee08e698d456433845c3999cbcdccc2526f6761976b72cadc1f6a879845bea615b6c4b38973c83babf206969a9a9d99c588ffec88c5294b063795ff033aa

  • SSDEEP

    12288:3Qi3ZzUsxnLDiAbBwrIz8sn1bb7szctBDx:3Qi5UsxnLDZNwrI4YLg8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\is-GEP17.tmp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GEP17.tmp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.tmp" /SL5="$C00F6,588638,511488,C:\Users\Admin\AppData\Local\Temp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-GEP17.tmp\46d81f44d72c65c57d58fbf5f4c215ae_JaffaCakes118.tmp
    Filesize

    1.1MB

    MD5

    a7a3391ba6a029181875bdcc79225454

    SHA1

    909e8faf06a3ca1b58130d1698eb2370b5dbc7a8

    SHA256

    a6e75d0bab21262cd1d6fb3e7e5247b32738e7dcb227200ee06787cd3cac8f78

    SHA512

    0409008fe4fc7eed92b5e78d9b0fb3584f16ddb9bee31f082803b885b30d3a980b98d910db0406c2f9dc0f431146df1853e3f9119dc1d65901d0f34c892d3cee

    Download Submit

  • memory/2104-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2104-3-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2104-11-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/4464-8-0x0000000000400000-0x000000000052C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4464-12-0x0000000000400000-0x000000000052C000-memory.dmp

    Filesize

    1.2MB

    Download