Overview

overview

7

Static

static

7

b1bfd9e80e...18.exe

windows7-x64

7

b1bfd9e80e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1bfd9e80e923d43d7f6d6f031becef7_JaffaCakes118.exe

  • Size

    87KB

  • MD5

    b1bfd9e80e923d43d7f6d6f031becef7

  • SHA1

    d1d7f71c013255c97800469d1952fdb7000190c7

  • SHA256

    249860345f6d4364a10c7b905c226090dd47363a133f5622384ec1f798c3e697

  • SHA512

    ee172d83821e8c5bc7268efcc93d7773ce255ecee29e2c2bcdbc17d9445ea4f929f92d39c55df0ca13ee04153455194048be5172a29cbff73022e1836bcd0348

  • SSDEEP

    1536:DtVdTStdV/VXtTmSTrVafD0vTcHKsBmNZJEZJyjn9mtnouy8V8bayN:DtVNS5/NNZ4HKE3fyj9OoutV8ZN

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1bfd9e80e923d43d7f6d6f031becef7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b1bfd9e80e923d43d7f6d6f031becef7_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:4056
      • C:\Windows\SysWOW64\cscript.exe
        cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
        2⤵
          PID:1496

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Downloader.log
        Filesize

        5KB

        MD5

        21ea9f55357aa2ef06d1c7be377bf76d

        SHA1

        3a8e6859aa06c23e3514243e6a8932978dc5464a

        SHA256

        66615de7f555855cde6a9d3f08b3b80dccb30aba7979c511ecc2771fbf2873bc

        SHA512

        ee93d1ff649266d5a642b535a9e1c69a763234013bfa32d4d5b62ec6cafed100d5be4df7f2ea5478e443b69552e95f9be42c7034e8df342e437ddb9464e1728c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Downloader.log
        Filesize

        1KB

        MD5

        cc095d7522168f2e87ee7550efcad267

        SHA1

        6fe1a55c5b2cf35abc3ab48d0d79a221f6e55b73

        SHA256

        7bc10ed9f43070499e1cf34565beca129872acc31a8018fa06f3e9ac2d8ca1d5

        SHA512

        21e64e64eb5cc9b0172f35b03692ce52f99db564c92201a159e0cd47a8deabf4be551d44de6789e29782a2d0e88dc424866bd419d278c05b78f3cf0b4e3dbb86

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\hd.vbs
        Filesize

        245B

        MD5

        d8682d715a652f994dca50509fd09669

        SHA1

        bb03cf242964028b5d9183812ed8b04de9d55c6e

        SHA256

        4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

        SHA512

        eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\init.xml
        Filesize

        448B

        MD5

        2671375f59445f55214c2252f49ee282

        SHA1

        622a6824c8873899445180c2a49123c6ff07788b

        SHA256

        e366429bbbf9bff09de62cd210c87a09a24ba3b5e326f0a7bd70703cc67911d3

        SHA512

        d803961cd5a34b86dc5f510cdf8a9e77a16aa3445d980e1f7f9dc59449005bd91a8d2654dc870be5fefa6a10b27b066baedf9b71d93d3b1e03706ac9833679c1

        Download Submit

      • memory/1964-0-0x00000000000E0000-0x0000000000115000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1964-41-0x00000000000E0000-0x0000000000115000-memory.dmp

        Filesize

        212KB

        Download

      • memory/1964-76-0x00000000000E0000-0x0000000000115000-memory.dmp

        Filesize

        212KB

        Download