Overview

overview

7

Static

static

3

3bc17a4cfa...18.exe

windows7-x64

7

3bc17a4cfa...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 03:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bc17a4cfac6192238cf24edaa69fd8d_JaffaCakes118.exe

  • Size

    16.6MB

  • MD5

    3bc17a4cfac6192238cf24edaa69fd8d

  • SHA1

    763b2f77a82dc7324dc8c31c609aa52c74a53e2f

  • SHA256

    843f195e63b5b13596326f5c284dd063b5f4414df001ac1e370ee73f170c8c4f

  • SHA512

    488d818d87e2dd9bee80dec715aba51c8bb61e3de93de335cca2fcac3295fd2a3ebad279a7f185bfac419c85ba4f395c11270de3edcfb3394cfacd62ea059ce9

  • SSDEEP

    192:/G/2VgqKGxmQtAy2dNQOa099GfsvYgmhT9zHJxhlQtAwimP1oy2+RaZ:/G/vg0xlGHjRNvQtAjQ14+4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bc17a4cfac6192238cf24edaa69fd8d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3bc17a4cfac6192238cf24edaa69fd8d_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Users\Admin\AppData\Local\Temp\3bc17a4cfac6192238cf24edaa69fd8d_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3bc17a4cfac6192238cf24edaa69fd8d_JaffaCakes118.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Windows\Googlejh.ExE
        "C:\Windows\Googlejh.ExE"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Windows\Googlejh.ExE
          "C:\Windows\Googlejh.ExE"
          4⤵
          • Deletes itself
          • Executes dropped EXE
          PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MyTemp
    Filesize

    84B

    MD5

    b609a402ca30d8b725970b9884a12aa0

    SHA1

    7ef1d3071cc349cea11c7acf2ba7653bffa9a6a4

    SHA256

    09c8032f9fc2d15c7c3aeb1a9869d7c48ae427b13c10b61eec5c9494b7e3ef46

    SHA512

    86a4b0270ddf4d08ba0db061e1fee3c3e401a9cafd0848290ad4bc168a79094c86050a46b468ea01c544fbff53d84db15a4d4e40e7a935238175be714472e06a

    Download Submit

  • C:\Windows\Googlejh.ExE
    Filesize

    16.8MB

    MD5

    b8f5dc34c0c058a21e738e9b432a38b5

    SHA1

    c079ccbf4096f2bf6c606ce86dc3c5e33e009902

    SHA256

    9f4dd00e69a33fd4a3c424d15eff5f154332d60dc391a31469c66a5876f19ba0

    SHA512

    ba208d484f3c813c581ba4147131f6b3b7f79b6a950743b0471721b693ef6af010c9c36500b2d3b5b8f586d014a76216b9297f0888d9bd45df805a116b1f155c

    Download Submit