Overview

overview

7

Static

static

7

489a199179...18.exe

windows7-x64

7

489a199179...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 06:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe

  • Size

    133KB

  • MD5

    489a1991799eb0b2672ce6d5eb71bcf4

  • SHA1

    04813f8e29fe975f746839365ccd9e251ef6ca1a

  • SHA256

    ede9da5154185c24c18bf3ec8ee5d69d6a1412824b7fa7d9b968f02c5ef9ddcf

  • SHA512

    063dd79426e07867c1d29c0b85bd3642ef623f4f2d49c5ee0b0a1e0cd24603c9d26d407180f032d96570d4bffb9688e14d50da0fb0028c05df52b1f1466d89d3

  • SSDEEP

    3072:CEyTUX4V1CRosbgT0VUXUiaDHBCirm1dXi7tzj3ZssHQ:e3QysUGUY5mXSFF5Q

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Users\Admin\AppData\Local\Temp\489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1820

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\489a1991799eb0b2672ce6d5eb71bcf4_JaffaCakes118.exe
          Filesize

          133KB

          MD5

          a97e3f442c989f90cd616bc7877c3050

          SHA1

          74141ce02d4ed4c10a564e2764e91a6e30210751

          SHA256

          52195a45f95cea24b24bd35cba1c8404ce354a55007684e7c2049bb3ef094869

          SHA512

          860323c9c28cc483427db06ce8ab598925399f14cca52c231646d0267cb253d432df98fab78d939e232464003eedf38ecebcde86ca400ed1729bde82f1e1d976

          Download Submit

        • memory/1820-15-0x0000000000400000-0x0000000000486000-memory.dmp

          Filesize

          536KB

          Download

        • memory/1820-16-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1820-22-0x00000000001A0000-0x00000000001C1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1820-37-0x0000000000400000-0x0000000000486000-memory.dmp

          Filesize

          536KB

          Download

        • memory/3628-0-0x0000000000400000-0x0000000000486000-memory.dmp

          Filesize

          536KB

          Download

        • memory/3628-1-0x00000000001C0000-0x00000000001E1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/3628-2-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3628-14-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download