Overview

overview

7

Static

static

3

18933ca340...18.exe

windows7-x64

7

18933ca340...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18933ca340abdaf566f0fc8ccb73f5b2_JaffaCakes118.exe

  • Size

    4.0MB

  • MD5

    18933ca340abdaf566f0fc8ccb73f5b2

  • SHA1

    80da5432c14b98ac99a8e64dc1774c37fa9e3d4b

  • SHA256

    c5e0162d197e85181dc7b27648b5b62d170032c7ac98840dac5d81fcf1a0c4a3

  • SHA512

    47d1d0b06748c1a3e7ea1b779fab2977eccb3ef5495a79c2aff31fd5b54985df18cdc8a7efc76e1313829998ed582ff0e02a1aaa43de8f0e67644d43567903e3

  • SSDEEP

    98304:edp435qIHpu7LFjjJd84RXek0niM7J5h0KrX4:iY5q37LFnJa95bX4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18933ca340abdaf566f0fc8ccb73f5b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\18933ca340abdaf566f0fc8ccb73f5b2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\is-2JQ5T.tmp\is-D57DT.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2JQ5T.tmp\is-D57DT.tmp" /SL4 $B0068 "C:\Users\Admin\AppData\Local\Temp\18933ca340abdaf566f0fc8ccb73f5b2_JaffaCakes118.exe" 3954552 52224
      2⤵
      • Executes dropped EXE
      PID:700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2JQ5T.tmp\is-D57DT.tmp
    Filesize

    643KB

    MD5

    036ef63e2f9b138a42d6adb54ec0cd1e

    SHA1

    353db5d438205a726a6d54beb62f9c62638f501d

    SHA256

    71b487f0523f213004766402b22bf86fa0ef9891e940d2a4cb12eba6627e7cc6

    SHA512

    31b8f6e76c8c4f5323f12384c41f6f2b04e58545c121da71e2a4da947a9c0aea9eb05df4f8199cc6dc89bc238577c4e2d5fb4b66e77e1130bc72b6c38f207cc9

    Download Submit

  • memory/700-7-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/700-8-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/1504-1-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1504-3-0x0000000000401000-0x000000000040A000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1504-9-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download