Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/07/2024, 01:44

General

  • Target

    373dfeade2fd8f0e3e439e5306ead035_JaffaCakes118.exe

  • Size

    96KB

  • MD5

    373dfeade2fd8f0e3e439e5306ead035

  • SHA1

    1e93bf8cbf2dd0b3b7a3032da716703a38945a30

  • SHA256

    e191b4f997032b16bdd18a7e6c3f3db11bc619642975824ce5c1050249f0ad00

  • SHA512

    88a339b29094ad58ebe932dd3cedf9cadd70954a047c2758860373645623bdbcf6705c8000097cf72a3f4dc04819422aa20dd8da931068a9556d7e2d5eb26887

  • SSDEEP

    1536:MRXtcnX8hNxZtQ1rL3UZvDXIy3n3Pe8G8/LA4Famm:MU836lL3WLXI63J/LA4wz

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\373dfeade2fd8f0e3e439e5306ead035_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\373dfeade2fd8f0e3e439e5306ead035_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4928
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 564
      2⤵
      • Program crash
      PID:1096
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4928 -ip 4928
    1⤵
      PID:3132

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/4928-0-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/4928-4-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB