Overview

overview

7

Static

static

3

6006d60634...18.exe

windows7-x64

7

6006d60634...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    6006d6063485597a30e9fd1e237c4c48

  • SHA1

    11bbe77991203df06ff1dbb2c9f4e46990ea59c0

  • SHA256

    774cafe18306dd709634bcf6cc0f716534c2f8b82cc40cf87e341583fa2a972c

  • SHA512

    d3ed9072da27029ef43382be28015ab749fcde36792d176d8b5ae29ba2a24e6cb6c93e521f5b3b549daca5ebef04a1b1dae6d3237217faa678246f5f54089438

  • SSDEEP

    49152:Qoa1taC070da58FaacGlKiC5p79q10Q3qGRhcI:Qoa1taC0HOEi9Eo0NM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\Temp\BA89.tmp
      "C:\Users\Admin\AppData\Local\Temp\BA89.tmp" --splashC:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe F8A51E26527E44D8673F7BA74D5C8A8778C1EED6B4FF22DC106F84D940FA80070EF9EF5D053FF89DC7F55724470C359876695DC9DD718FD7E948F421F25CC35B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\BA89.tmp
    Filesize

    1.9MB

    MD5

    13d2b76490f2ba304316cf6fe3cc5847

    SHA1

    f4468dd2ee2d6bba9f79254332ae8be705eb51a7

    SHA256

    39ca5fe4724173507bd093a3ea9dc87519003b62c8cd5b9c7b0145a6e12d02c2

    SHA512

    f3c3acd75379b52e8f447e71ba0e7d1ab8a8c4af4166d620200a450206593af4961fabf7d9b553a74699f5987411a901568addcc8466963880ebfcae417cff57

    Download Submit

  • memory/2072-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2676-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download