Overview

overview

7

Static

static

3

35b2bf09e7...18.exe

windows7-x64

7

35b2bf09e7...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 17:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    35b2bf09e7c6c154e3c3234d4e25cd82_JaffaCakes118.exe

  • Size

    47KB

  • MD5

    35b2bf09e7c6c154e3c3234d4e25cd82

  • SHA1

    fb19a996780578d8b3a1dcc413acca26a836e85e

  • SHA256

    bec6eeb9af5f15fd412d1efd34488b0a274819362baaca9204e9ec845b9b6bfd

  • SHA512

    dbe343fbdd98d6c1f3c6dfc36d2eead730498736cc40ad530e9b9371554958951c31b01e49e43cdfe68ed869f0d63ef352206d322625e0cb9751a29c4283b7d9

  • SSDEEP

    768:QFrZkB8ChTQTBBO8mu3nZgYk2hZnyXCXwzezSMdH1gu5k3iA4F8We:QFU8ChTc3OEXZuE5Y5yvdzKyAuNe

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35b2bf09e7c6c154e3c3234d4e25cd82_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\35b2bf09e7c6c154e3c3234d4e25cd82_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\Temp\fSekrit-7BC7.exe
      "C:\Users\Admin\AppData\Local\Temp\fSekrit-7BC7.exe" -edit:"C:\Users\Admin\AppData\Local\Temp\35b2bf09e7c6c154e3c3234d4e25cd82_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:1708

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\fSekrit-7BC7.exe
          Filesize

          45KB

          MD5

          160f65f42ea1527784a842bc24c796b1

          SHA1

          9f7b3eb8771d3db5e56932d39f018cb4ad1defc7

          SHA256

          5cabd152827e249e0f1ce6ed3d8751ac0a41d5e572d40d982fcd4dcd53871cd6

          SHA512

          b1b6641424210fc040647728431d11c5b16c5a46f572a97f110a7446d6ab6bb9e067766012a120e9c4953baff44a79467cc0998a19132c2cef85e235ab275fe1

          Download Submit

        • memory/1708-18-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-20-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-29-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-28-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-14-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1708-13-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-15-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-16-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-17-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1708-27-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-26-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-21-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-19-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-22-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-23-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-24-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1708-25-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1908-1-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1908-0-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1908-12-0x0000000000400000-0x0000000000423000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1908-5-0x0000000000230000-0x0000000000253000-memory.dmp

          Filesize

          140KB

          Download