Overview

overview

7

Static

static

3

6006d60634...18.exe

windows7-x64

7

6006d60634...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2024 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    6006d6063485597a30e9fd1e237c4c48

  • SHA1

    11bbe77991203df06ff1dbb2c9f4e46990ea59c0

  • SHA256

    774cafe18306dd709634bcf6cc0f716534c2f8b82cc40cf87e341583fa2a972c

  • SHA512

    d3ed9072da27029ef43382be28015ab749fcde36792d176d8b5ae29ba2a24e6cb6c93e521f5b3b549daca5ebef04a1b1dae6d3237217faa678246f5f54089438

  • SSDEEP

    49152:Qoa1taC070da58FaacGlKiC5p79q10Q3qGRhcI:Qoa1taC0HOEi9Eo0NM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3196
    • C:\Users\Admin\AppData\Local\Temp\F6D3.tmp
      "C:\Users\Admin\AppData\Local\Temp\F6D3.tmp" --splashC:\Users\Admin\AppData\Local\Temp\6006d6063485597a30e9fd1e237c4c48_JaffaCakes118.exe 0313940163DA58C79453E37B0FA7C342D6E1EC78AD550726ABB85B96325651DE70B5B71B69911E91CCC642CC38FD957B31C524C052A9311C8731AC8DE53133C0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F6D3.tmp
    Filesize

    1.9MB

    MD5

    102c942caedacfd2ffee39c9ff804940

    SHA1

    359a5b9c17ae518fa74acd6d7ca876fb8a8ec6da

    SHA256

    93d183cf5a68b93257f1de542af22f97ff166326af4a7c82779b867c47af92ca

    SHA512

    82c42a8e64fd247aa5a5262a2129c89404dcbbca08728ae2a47ee0ce198b0ca025f20dd916a6ca2f91a5f2594e8ed968b3d0a449aa4f7c357ebba09dec6b9524

    Download Submit

  • memory/1200-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3196-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download