Overview

overview

7

Static

static

3

248a7c1b67...18.exe

windows7-x64

7

248a7c1b67...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-07-2024 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    248a7c1b67f3fea5615308561328b823_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    248a7c1b67f3fea5615308561328b823

  • SHA1

    006d4530c35f3d823f266242bde05d0b3c513f50

  • SHA256

    287d7d1dd3eec79cc486ed3e749be470c15b0e6a4dca109840350a7a06267acc

  • SHA512

    122758803133c0b991d4807b4ff98b4feb777c8832bd405b7237a2b2548cae21f6b5411470f72e0b556287c1c4e33685464d2163a2ca259613407287dc31220b

  • SSDEEP

    49152:Qoa1taC070dA4VQfoZWp9j+rLkvTVoc4W2:Qoa1taC0odW2r2Tac4W2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\248a7c1b67f3fea5615308561328b823_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\248a7c1b67f3fea5615308561328b823_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Users\Admin\AppData\Local\Temp\5331.tmp
      "C:\Users\Admin\AppData\Local\Temp\5331.tmp" --splashC:\Users\Admin\AppData\Local\Temp\248a7c1b67f3fea5615308561328b823_JaffaCakes118.exe 5B2FC8F92E01AACC3CE3709C117A5A201BFB18C71F4C3A2E64E0E1EABF8EC9A341DA356582D19B88FDBA7CF1894113946ABE98F7C61EF60C75C8F86220D31948
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5331.tmp
    Filesize

    1.9MB

    MD5

    91b14ca8799b6e4cad4c146d8335a65f

    SHA1

    44b5f70ed28fc73671ed4ba0334724d02f31926e

    SHA256

    31117c8ef973d81712c8da5245b281c74d90387656de83de538aed0629d61afd

    SHA512

    938b9b205e9887100922100b350ef14e6173d9df2453007b2b0184cfb59d2a15cdf43da75bcfbcd8e85125d5457a14e8eb241dc786f801d81e2a00864449450f

    Download Submit

  • memory/448-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4796-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download