Overview

overview

7

Static

static

3

658a4696d5...18.exe

windows7-x64

7

658a4696d5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.exe

  • Size

    666KB

  • MD5

    658a4696d5f3e20b812bedbf95c970e3

  • SHA1

    0deb6aa3c96ac60d9ad8a7b13ac4d782c3637456

  • SHA256

    4ea23661dc33ffd9d8904934cb3eb91f2eeccd46e2569a5947e12e866cd02769

  • SHA512

    d1dbc90f980625c61918e141fe305308c6234b866e711007704a30a27fad9575b25ddbb4f06fa134287664ca744970cef2c9a5d95bd2103b1c3a8709bf6a79c9

  • SSDEEP

    12288:4yIFE9GWvmcy0l4UDvvPBBPQw75s/WBDLFgXG1944q1QH/OOC7d0BRVvG9C+ZO:4yI+9G0mslJLPQZ/W18gC1OxMuBRUq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\is-LV49Q.tmp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LV49Q.tmp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.tmp" /SL5="$A01D2,421019,58368,C:\Users\Admin\AppData\Local\Temp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-KFSPE.tmp\_isetup\_isdecmp.dll
    Filesize

    23KB

    MD5

    77d6d961f71a8c558513bed6fd0ad6f1

    SHA1

    122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

    SHA256

    5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

    SHA512

    b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LV49Q.tmp\658a4696d5f3e20b812bedbf95c970e3_JaffaCakes118.tmp
    Filesize

    702KB

    MD5

    1afbd25db5c9a90fe05309f7c4fbcf09

    SHA1

    baf330b5c249ca925b4ea19a52fe8b2c27e547fa

    SHA256

    3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

    SHA512

    3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

    Download Submit

  • memory/1492-2-0x0000000000401000-0x000000000040C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1492-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1492-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3124-8-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/3124-14-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download