Overview

overview

7

Static

static

3

0d8fadd33c...18.exe

windows7-x64

7

0d8fadd33c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 09:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0d8fadd33c2305fc88d16c37c57d7c69_JaffaCakes118.exe

  • Size

    86KB

  • MD5

    0d8fadd33c2305fc88d16c37c57d7c69

  • SHA1

    531b2483447da8a8d32d30a6022a259248ef4006

  • SHA256

    aa0aa41090b9dd5bb1e7930fa0b086caa761a3626da4d9f3c7771236937ceb4c

  • SHA512

    8693c3ad133273a254b00ea26a25a669b671dbf8c477e0dfc02da4eb50e887551b7aa057896469aa3382e7edaf16721ec50f99a0831e0d923ac0da26e9685c25

  • SSDEEP

    1536:kr5ZczzFnToIf9hjGzqwDT3AM48C39jhKXmiM3LuflC377gC1f:kr5ZczztTBf9NAPYM48C39jhYm1Ec37H

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d8fadd33c2305fc88d16c37c57d7c69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0d8fadd33c2305fc88d16c37c57d7c69_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\0d8fadd33c2305fc88d16c37c57d7c69_JaffaCakes118.exe"
      2⤵
        PID:3380

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\Isatlcr.dll
            Filesize

            53KB

            MD5

            7b01296e0bab3fb32628b9f942179d54

            SHA1

            eff44986784e7e670b3799edbe262e6c595c35c3

            SHA256

            ebfa2706b0e21791844a68da51a544fc09831fd91e0eefb35842b9f0c4295be8

            SHA512

            284b62ed7079dfe3027b7935ba0e4027df9f720a07450b75ffe8cfb5cf1ef57600b9d4ce24b089a9b9b15db70516f23706a6de9d9a3e8224adbae7143a2b654f

            Download Submit

          • memory/1200-3-0x0000000010000000-0x0000000010010000-memory.dmp

            Filesize

            64KB

            Download