Overview

overview

7

Static

static

3

6911aabc7c...18.exe

windows7-x64

7

6911aabc7c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe

  • Size

    769KB

  • MD5

    6911aabc7c57719b78a02e5303bebeea

  • SHA1

    aa82a4e1fd73ba2039aff243f82c7f043921c68a

  • SHA256

    20c59147a03fed2a1153540737dab7572b2f2735089d65fb3ccf18a62740a511

  • SHA512

    9dad01479972eeed606308a503305a0651b3cab9a28eaf41eba7be588049844a7ffcc447da5daf1ea7a0c6fc8f44b4bdb87ac64b8a10460fa1fdbe5b0de6bde1

  • SSDEEP

    12288:xyIFxrVelcdsf2RqGLKyIwSSPNYrF/Th7z9YdHO/6R2OPJBj:xyIHBelwsAfKiPN4x2HN77

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Users\Admin\AppData\Local\Temp\is-DTAHE.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-DTAHE.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp" /SL5="$A0054,509598,229376,C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2PH6N.tmp\itdownload.dll
    Filesize

    200KB

    MD5

    d82a429efd885ca0f324dd92afb6b7b8

    SHA1

    86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

    SHA256

    b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

    SHA512

    5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-2PH6N.tmp\psvince.dll
    Filesize

    42KB

    MD5

    d726d1db6c265703dcd79b29adc63f86

    SHA1

    f471234fa142c8ece647122095f7ff8ea87cf423

    SHA256

    0afdfed86b9e8193d0a74b5752a693604ab7ca7369d75136899ff8b08b8c5692

    SHA512

    8cccbff39939bea7d6fe1066551d65d21185cef68d24913ea43f24b8f4e08a5581a9f662061611b15b5248f5f0d541e98d6f70164aaaad14d0856e76fabbfaa4

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-DTAHE.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
    Filesize

    869KB

    MD5

    9700227bf53c9a62bd8dbc671422adbe

    SHA1

    8ea54116868c7f5223d0f25176b1e786fa150af7

    SHA256

    2474c6e72fc638aa29924ec53d94cf970684f909d82c5f9cc2e7aae616e223b3

    SHA512

    a5a58bc39139f21ce3813faa8cb0b7783e7339dd1b202ad98b39eba03d96b8a880eff34a9e3a1d546330a4ee1762f97b3c3dc5d75de70ebdc91d7e5cc364fac9

    Download Submit
  • memory/1808-7-0x0000000000400000-0x00000000004E9000-memory.dmp
    Filesize

    932KB

    Download
  • memory/1808-12-0x0000000003280000-0x00000000032BC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/1808-20-0x0000000000400000-0x00000000004E9000-memory.dmp
    Filesize

    932KB

    Download
  • memory/1808-19-0x0000000003280000-0x00000000032BC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/4560-0-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize

    252KB

    Download
  • memory/4560-3-0x0000000000401000-0x000000000040C000-memory.dmp
    Filesize

    44KB

    Download
  • memory/4560-22-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize

    252KB

    Download