Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 13:43

General

  • Target

    950ccf47cb1872e9c109462a3e8e7af0_JaffaCakes118.exe

  • Size

    316KB

  • MD5

    950ccf47cb1872e9c109462a3e8e7af0

  • SHA1

    070b091ca78aa82af11223b5dc17178ae5866600

  • SHA256

    e4d219be865906ed2274d45fd807f9f41cd4012077e7a44b819caf17ef797e4f

  • SHA512

    3e93b62334191d8c34fa759664d0c152dad2338e98634a6705c7bb37b92bc4dfd7d074ad1423b03a6cdbe160ea220831b868eda392cf37d393cca648927f64d4

  • SSDEEP

    6144:vmZk7R2pYKYXwf8njVxOFFSb5syK6oRcmcvCUshUw3oGfW3OFV7/EB/27s:eZWR22XXwfcRboRcmc9sV3oAWa/Q/r

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\950ccf47cb1872e9c109462a3e8e7af0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\950ccf47cb1872e9c109462a3e8e7af0_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\7zS2B93.tmp\winvnc.exe
      .\winvnc.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2620

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS2B93.tmp\background.bmp

    Filesize

    1KB

    MD5

    6ce6e5fcf1a56b80f4ffa6f685d4329d

    SHA1

    91780868c241e83754003855407805c0cda20254

    SHA256

    6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

    SHA512

    7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

  • C:\Users\Admin\AppData\Local\Temp\7zS2B93.tmp\helpdesk.txt

    Filesize

    1KB

    MD5

    3691fa991016dc815146adf5679ebca3

    SHA1

    616e90f4d8baa9de66c160085c0af66208de4573

    SHA256

    ba139752a8c3b80f5b6cae43202fcbb73fe4049da2e4d436bb5e6e0ac004292c

    SHA512

    112cf84bccced2988e69d01765d1ddda887d122a66d0da4f39596e4b754357032189653f846fae0ef0b7029c78b4a760dc324f08a2ae001eadc9448fa54d2d90

  • \Users\Admin\AppData\Local\Temp\7zS2B93.tmp\winvnc.exe

    Filesize

    251KB

    MD5

    17ea95776e24f8386dca277a00212b8c

    SHA1

    04193bd1ffe73034445b830a8c30fa781508013b

    SHA256

    034b7899101bc9bfd7f622424dc1d50e3894f1d8eb8c13bb344073da827d7ca5

    SHA512

    02e5e11b46028e46edbc0df21fc3cd1b16cb06de380fbf4f490cc3e50837d9fb11a4e1ac0f06e85a78d16b946c3931b18b72a70f1469c5f3d5fa971a968a2524