Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/07/2024, 08:59

General

  • Target

    27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe

  • Size

    492KB

  • MD5

    27fbeda178b09648587b63d44e4dbdf9

  • SHA1

    bb81a81c7b956085bcb7bae503a2c55b6da12ab8

  • SHA256

    ab7227fc788469b6c19b8ac6b43db33a33cfeb893f20312aa48a609decac498d

  • SHA512

    6fd052714230090cf9aa220a33cda77cbabedfcc0563686ffecbf47e9d7eff421db0f6aeda19d258a403278a08c30351127d58de5de205a717bd0017cf5c95a9

  • SSDEEP

    12288:f6s2gciFt0zri1IBgcn67Kg/EZU7HJRRrom3mkldQWA7joVSb:N2flsj72P8dUZb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2900
    • \??\c:\66eaec41e6e811912b18151b8cbb59\update\update.exe
      c:\66eaec41e6e811912b18151b8cbb59\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      PID:4468
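The four entries under Signatures are not opaque labels: each is a rule evaluated over the process-creation, file-write and module-load events the sandbox recorded, and the process tree above is the evidence for them. The following is an added example, not part of this report or of the sandbox's own code. It reimplements those rules in Python over a hand-constructed event list that mirrors the tree: PIDs 2900 and 4468, the dropped _sfx_.dll, update.exe and updspapi.dll, and one constructed Windows-directory write (the report does not name the two files it counts there). The Sysmon-like event kinds, the parent PID of the first process, the event ordering and the hex-named staging-folder heuristic are assumptions; counts depend on the constructed events and are not meant to reproduce the report's IoC counts.

```python
"""Derive sandbox-style behavioural signatures from an endpoint event stream.

Added example, not the sandbox's own code. Events are constructed below to
mirror the process tree in the report; field names loosely follow Sysmon's
ProcessCreate / FileCreate / ImageLoad events (an assumption).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    kind: str                      # "process_create" | "file_create" | "image_load"
    pid: int
    path: str                      # process image, created file, or loaded module
    parent_pid: Optional[int] = None


def norm(path: str) -> str:
    """Normalise a Windows path for comparison.

    The report shows the child image as '\\??\\c:\\...' (NT object path) while
    the same file appears under Downloads as 'C:\\...'; strip the NT prefix and
    fold case, since NTFS lookups are case-insensitive.
    """
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


# Assumption: a drive-root folder whose name is a long run of hex digits is a
# typical self-extractor staging directory; treat as a heuristic, not a verdict.
STAGING_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{20,40}\\")
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\")


def signatures(events):
    """Replay events in order and return {signature name: [IoC string, ...]}.

    'Dropped' means written earlier in the same session, so a file must be
    created before it is executed or loaded for the rule to fire.
    """
    dropped = set()                # normalised paths written during the session
    hits = defaultdict(list)
    for ev in events:
        p = norm(ev.path)
        if ev.kind == "file_create":
            dropped.add(p)
            if WINDOWS_DIR.match(p):
                hits["Drops file in Windows directory"].append(ev.path)
        elif ev.kind == "process_create":
            if p in dropped:
                hits["Executes dropped EXE"].append(
                    f"pid {ev.pid} (parent {ev.parent_pid}): {ev.path}")
            if STAGING_DIR.match(p):
                hits["Runs from hex-named staging directory (heuristic)"].append(ev.path)
        elif ev.kind == "image_load":
            if p in dropped and p.endswith(".dll"):
                hits["Loads dropped DLL"].append(f"pid {ev.pid}: {ev.path}")
    return dict(hits)


# Constructed events mirroring the report's process tree and dropped files.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\27fbeda178b09648587b63d44e4dbdf9_JaffaCakes118.exe"
STAGE = r"C:\66eaec41e6e811912b18151b8cbb59"
EVENTS = [
    Event("process_create", 2900, SAMPLE, parent_pid=1000),          # parent PID constructed
    Event("file_create", 2900, STAGE + r"\_sfx_.dll"),
    Event("image_load", 2900, STAGE + r"\_sfx_.dll"),
    Event("file_create", 2900, STAGE + r"\update\update.exe"),
    Event("file_create", 2900, STAGE + r"\update\updspapi.dll"),
    # the report renders the child's image with the NT prefix; norm() handles it
    Event("process_create", 4468,
          r"\??\c:\66eaec41e6e811912b18151b8cbb59\update\update.exe", parent_pid=2900),
    Event("image_load", 4468, STAGE + r"\update\updspapi.dll"),
    # constructed: the report counts two Windows-directory drops but does not name them
    Event("file_create", 4468, r"C:\Windows\example_dropped.tmp"),
    # a system DLL that was not dropped: must not fire "Loads dropped DLL"
    Event("image_load", 4468, r"C:\Windows\System32\kernel32.dll"),
]


if __name__ == "__main__":
    for name, iocs in signatures(EVENTS).items():
        print(f"{name} ({len(iocs)} IoCs)")
        for ioc in iocs:
            print("   ", ioc)
```

In a real pipeline, sort events by timestamp before replaying them; telemetry often arrives out of order, and the "dropped before executed" ordering is what separates this pattern from a legitimate installer that is merely loading modules shipped alongside it. The staging-folder rule is deliberately reported separately from the report's own four signatures because it is a heuristic that will also match benign self-extracting packages.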

Network

MITRE ATT&CK Matrix

Downloads

  • C:\66eaec41e6e811912b18151b8cbb59\_sfx_.dll

    Filesize

    30KB

    MD5

    b9b02d97007953e74caaa38497e7278a

    SHA1

    3954391efec4615a597594b02ad755f539d2fa42

    SHA256

    e4ecf14cf98b855642505802a04be2035db6e13600112c01632e2e600c8184cc

    SHA512

    78f39f6c6167ba61f52501912b3c5fa6d8c0d594be9f9a5b888b2cb4e19c1d499328fe28a90cc1457e15b14f78ce5a3591b8ed1468afb8d5e944df07a7ae2c6e

  • C:\66eaec41e6e811912b18151b8cbb59\update\update.exe

    Filesize

    725KB

    MD5

    50914702cb6c72275018643c557ef8c5

    SHA1

    a60b307966ae1329ff1c16f187117768179bb719

    SHA256

    a0b2b5e50eff3968c6c05cf18fc93ba3fd2a5de6c35bda609b14e9247e99d2e3

    SHA512

    4005b7da7eab74d9be1c7847f0485354bfff974c0cf88a2bcc0a30168665218671721e784b55b6038bbb2399927850d607e5aaa178b290be91e636d988e76bfc

  • C:\66eaec41e6e811912b18151b8cbb59\update\updspapi.dll

    Filesize

    370KB

    MD5

    9a055da2f2819f155c33d47cd67a7c00

    SHA1

    1ca0a282dbd483972b40bf4ccff4f747227f422c

    SHA256

    0acbbaa648ffbcc6375736dd35ee7a20bfcf5976dfc558ca72d820e7f7cdad85

    SHA512

    cf137d691c6a6c3e6611f2af4ccd462f291ab49f430a9fe4ff2746a4f3856255ec5d1551ff408b437b573000322131c9bd78fae74cace812ae81441df52a7a49

  • memory/4468-49-0x00000000005A0000-0x00000000005FE000-memory.dmp

    Filesize

    376KB