Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 04:52

General

  • Target

    9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe

  • Size

    5.5MB

  • MD5

    9096cdb646048480919a4197cd91b8ad

  • SHA1

    1e2915f52f3c070c0b3e4e4c4e40870190d9f504

  • SHA256

    f62941697cff5603382d69f2b3ab76cccf4df6e65b36425f37efe14929b6e218

  • SHA512

    fb1f7502721ecc0da4266ab6d4f4e5cdc51408fc859be0ac350a7b3188caa9187c6b27e6917afed74b6d0a2791996e3379d0c79ff8972919442dc1d873d35661

  • SSDEEP

    98304:bXlqRe3iMtVKvdKUHgTlgnQTaRp38sY+qCpRt01qwh+sEC0Uj38rg2sdTG7AZr/M:bXlbiNd0ISg3pYNqafhR0a3oUTG8k8u

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C7F.tmp\C80.tmp\C81.bat C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\system32\mode.com
        MODE CON:COLS=50 LINES=20
        3⤵
          PID:2496

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C7F.tmp\C80.tmp\C81.bat

    Filesize

    4KB

    MD5

    51a2efdee76d1c9ef26ebe2b134027bf

    SHA1

    c99550ddef26f188327625940a47b3ac1168589d

    SHA256

    16406b3baf09a30ec080e469a4c7edf6909c0182df4945b6c8845937ed754f65

    SHA512

    3c0e55c45834fb730d6d21e88a3b0dc0bdcd094e9c2be631bd5e89ccfc44fa9a89ef6c052c1c007506965c53bd04b55702d2e1831cde918774b267177618018c