Overview

overview

1

Static

static

1

901a0474e5...18.exe

windows7-x64

1

901a0474e5...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    901a0474e5471b043cf6178d3bf1af49_JaffaCakes118.exe

  • Size

    532KB

  • MD5

    901a0474e5471b043cf6178d3bf1af49

  • SHA1

    140b980e74acd42c06a97a17db1b81943ba83a45

  • SHA256

    eb7b09d984b8bf357d7a9e07bb3d9936729b038e2910aa3439d5c3473c81330d

  • SHA512

    4541e7277d684fc4a4c6a14c55df6738c3745bc6832256d7a0b449d2b9d47f1f91f6cada085f39fa49edb9086b3b6c3379fae910be8e8866bffd6f96301fc257

  • SSDEEP

    12288:ESCSMLTujIgirmLphpn1oxd0wh2DhqpnAToZ1QmDl:EtfIamLpn1c0wS81QmB

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\901a0474e5471b043cf6178d3bf1af49_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\901a0474e5471b043cf6178d3bf1af49_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3256
    • C:\Users\Admin\AppData\Local\Temp\901a0474e5471b043cf6178d3bf1af49_JaffaCakes118.exe
      tear
      2⤵
        PID:2036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1136

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2036-4-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/2036-5-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/2036-6-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/2036-7-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/3256-0-0x0000000000476000-0x0000000000478000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3256-1-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/3256-2-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download

      • memory/3256-3-0x0000000000400000-0x0000000000490000-memory.dmp

        Filesize

        576KB

        Download