Overview

overview

7

Static

static

3

5d8004040c...18.exe

windows7-x64

7

5d8004040c...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 20:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe

  • Size

    323KB

  • MD5

    5d8004040cfbd8718d9922b20f9485c6

  • SHA1

    dd9e37a893068d0660980513c7aa89a49b0b0cf7

  • SHA256

    f25e3d83c71de79521f9e88b9c1c25c7f7c3c40b1339a1791f31561f798d6f7b

  • SHA512

    12af30b1f94f6b5598ab311c9acc8e78b91ed5d79485a6b915dbb8dfe5e70f15e09c89c492780a0f5c8552115c8d695cbaab282c045d9c09c250f54fb47047fa

  • SSDEEP

    1536:qQvBHZgFLJzSLWTV/y45BnD8SlNDSzvHF5OaeCCVpguN4eSe+eooOoaoCoCo0oB+:9hZgFLGS/y45BAso

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\wscript.exe
      /nologo C:\WINDOWS\zxcv.vbs
      2⤵
        PID:1252
      • C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp
        C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp 492 "C:\Users\Admin\AppData\Local\Temp\5d8004040cfbd8718d9922b20f9485c6_JaffaCakes118.exe"
        2⤵
        • Deletes itself
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\SysWOW64\wscript.exe
          /nologo C:\WINDOWS\zxcv.vbs
          3⤵
            PID:2608

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\DelC1F8.tmp
              Filesize

              323KB

              MD5

              5d8004040cfbd8718d9922b20f9485c6

              SHA1

              dd9e37a893068d0660980513c7aa89a49b0b0cf7

              SHA256

              f25e3d83c71de79521f9e88b9c1c25c7f7c3c40b1339a1791f31561f798d6f7b

              SHA512

              12af30b1f94f6b5598ab311c9acc8e78b91ed5d79485a6b915dbb8dfe5e70f15e09c89c492780a0f5c8552115c8d695cbaab282c045d9c09c250f54fb47047fa

              Download Submit

            • C:\WINDOWS\zxcv.vbs
              Filesize

              266KB

              MD5

              e54857b4590a2097ae9c67d700aa0366

              SHA1

              3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

              SHA256

              79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

              SHA512

              04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

              Download Submit