Overview

overview

7

Static

static

3

48e08db0f4...18.exe

windows7-x64

7

48e08db0f4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 07:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48e08db0f49c00478a6cddb4ae61f84b_JaffaCakes118.exe

  • Size

    117KB

  • MD5

    48e08db0f49c00478a6cddb4ae61f84b

  • SHA1

    b9c6ca1250b0546fac9c1042fcbaeee3237b0ea5

  • SHA256

    96d24375779ac2d3a945a9e11594866227ac64035ab994f6278d5d5a72ac84f0

  • SHA512

    143dff5aad2a6142b095e44c565f752913e81ec42186304430eeefff9481c1e3ab77c05cc5d169002b209ce96fe776913933fd5f9262f7e280a9c4216bac0664

  • SSDEEP

    3072:ikmWrVxUxpHrFToXF1PHDmQjpQcOc1Y6Cyux:wWZW0XFZDxY6Zi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48e08db0f49c00478a6cddb4ae61f84b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\48e08db0f49c00478a6cddb4ae61f84b_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Windows\2.exe
      "C:\Windows\2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 36
        3⤵
        • Program crash
        PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\2.exe
    Filesize

    103KB

    MD5

    c7b3866b2545e3eb23e0831372fa7c14

    SHA1

    25c6faec5a8111d08afeee82af42bae43015f0b1

    SHA256

    c88ae81ded6b6d0a63d71a89de5f1f0a9d228bb59dde69c92ec32fdc04fc8a13

    SHA512

    a96ec2db731409ac97e4782253f630ebc2b1debf042d2aee517478d706c0944462a3a25c33d6033f3ea3d54f5db87f30e77b56165593ce0af9f8a5dac6ea8eb3

    Download Submit

  • memory/2736-1-0x0000000000400000-0x0000000000420200-memory.dmp

    Filesize

    128KB

    Download

  • memory/2736-8-0x0000000002940000-0x0000000002982000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2736-10-0x0000000000400000-0x0000000000420200-memory.dmp

    Filesize

    128KB

    Download

  • memory/2740-9-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download