Analysis

  • max time kernel
    140s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/07/2024, 10:04

General

  • Target

    2fefb61147a9e85c00c5c2ac254cd718_JaffaCakes118.exe

  • Size

    89KB

  • MD5

    2fefb61147a9e85c00c5c2ac254cd718

  • SHA1

    6421f22d69ce102926f3ac3d57b180a4f448418c

  • SHA256

    97c4d8767a23e50887a4ba3aa3f7288075a7ebdae547686721baf4c6d7b8036c

  • SHA512

    0781b14189b074068628e615736e4caf657472d587d5c26f1b86fa366ac371630628c63e81628233e9167998fdb5b3faa6c391fb509aec7ad6728800c361aa1f

  • SSDEEP

    1536:PQQ2aTmzPfYPpIGmMQ5qwsVHYDP2KaruZUp8gPLKg9kw:PQQ2aS7u7XQ5qTx+P2KarJpxKg9kw

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fefb61147a9e85c00c5c2ac254cd718_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fefb61147a9e85c00c5c2ac254cd718_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:580
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5809D68.bat" "C:\Users\Admin\AppData\Local\Temp\2fefb61147a9e85c00c5c2ac254cd718_JaffaCakes118.exe""
      2⤵
        PID:2988

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\5809D68.bat

      Filesize

      1KB

      MD5

      780f998d9a8769cab0e9f83cdfb5ce4e

      SHA1

      6449bea418a3593bd21679ce6d4e3cd058f62b15

      SHA256

      56d15bcf7eccd0d3d6a1f68c1981ccc507b00e18ac857ab6175501d102082c6f

      SHA512

      b337c9c929af9a929f3e701fc19b205dd21e9e5c886af634870f2f67396950da031f6aaf0c858998c10e751408f83461151cef5d15831dc7d516b0ad28b1482d

    • memory/580-3-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB