Overview

overview

7

Static

static

3

2eab433852...18.exe

windows7-x64

7

2eab433852...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2eab433852eb22292a15accd533af8bb_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    2eab433852eb22292a15accd533af8bb

  • SHA1

    673fb06eba1788c97eb7df86208b89f47de262f0

  • SHA256

    c86cd367d9599c6a7e6c57536cf6d5cbf517778b55468944aa51aa125a8c1a83

  • SHA512

    a4a8d86368d4f9ced704b60186e8d3814803ac36d3803c4061dc73fe49cd9e753c26f3a4af0898b80e88727210d0277abcaec23dbdeea2cc4287915c1a094005

  • SSDEEP

    49152:Qoa1taC070dolw74gOQwgM98nLhSW2U+mU:Qoa1taC0Hw7ppzL9H+mU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2eab433852eb22292a15accd533af8bb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2eab433852eb22292a15accd533af8bb_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\Temp\7ABE.tmp
      "C:\Users\Admin\AppData\Local\Temp\7ABE.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2eab433852eb22292a15accd533af8bb_JaffaCakes118.exe D33C15E4A940ED44488C7314CF1ED3272B3C26FD666228A3A124925DF0E39613E813A10F3B1F3C4DB62DD49F0CA37C212743D890174040457D1132540FDA1567
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ABE.tmp
    Filesize

    1.9MB

    MD5

    562b0d73318eff67faa9f9b80725b068

    SHA1

    7e073a77357250074ac4382a06b4a13af7d6d736

    SHA256

    c293964f603bcbcf64e6132adbee0928713dbba77c914bb469c40b265f43dbcd

    SHA512

    39ad6dc11ed5d167d03583762c8240d3becfd9dd289c10020c2dbb33b57e2c0c1478366f8e0bcae936e45717a582134c63c77fc469cdab52a703d494f488d468

    Download Submit

  • memory/1908-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3692-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download