Overview

overview

10

Static

static

3

177de8455a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    177de8455a7e82315e1da7210a46234d_JaffaCakes118.exe

  • Size

    416KB

  • MD5

    177de8455a7e82315e1da7210a46234d

  • SHA1

    6755d20ba994e1a2439c38b504bec0cbab7b3d0c

  • SHA256

    22fb4c468f43906a916bb27007b0d73349be026dbd3e4a678d2bb8983a57a599

  • SHA512

    bcba5bd5ae640b2eacfd037815406afd38c744c466a54378113cfc44e673a8105d243233f7e6312063c277e82ec19f608c6b3caacc8c7e40eae7c213487770f9

  • SSDEEP

    6144:UKlFieEkP/KNaaUHZC9XHI/5j1M96227Pvaj8/skVCHXg8YH41BIC:UEieExNJq1M96FPu+1CHXg8YY1BI

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 2 IoCs
    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\177de8455a7e82315e1da7210a46234d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\177de8455a7e82315e1da7210a46234d_JaffaCakes118.exe"
    1⤵
      PID:3872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3872-0-0x000000000046C000-0x00000000004FF000-memory.dmp

      Filesize

      588KB

      Download

    • memory/3872-2-0x0000000000402000-0x000000000040F000-memory.dmp

      Filesize

      52KB

      Download

    • memory/3872-1-0x000000000046C000-0x00000000004FF000-memory.dmp

      Filesize

      588KB

      Download