Overview

overview

7

Static

static

3

62dca46537...18.exe

windows7-x64

7

62dca46537...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62dca46537a35e01e597d00bf920f30b_JaffaCakes118.exe

  • Size

    11.3MB

  • MD5

    62dca46537a35e01e597d00bf920f30b

  • SHA1

    3e1adf40316bbcf50faacfe005998c1dea44d4fa

  • SHA256

    928f46d4dcafd014ce97c2126b0ab5865935311d5f58ce181a5e10f5e65f6181

  • SHA512

    5ca1366a7328defa08a6c7177c9ed063751e4a5906d774d9c47f9e4f212982c8b8cc5b593d659f44e92c4a77027b648326d69c32e6f8174fb700d6a8952fe099

  • SSDEEP

    196608:Eh+WCjK2Kv3CHasOfTs/g5l67K5bIuM3cbewnYUuAAchj8QS42lXMt5+avq:Qh6K2cCHaTsY5l6ONI/sbewnYdAJGQSP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4208
    • C:\Users\Admin\AppData\Local\Temp\is-6GTF1.tmp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6GTF1.tmp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.tmp" /SL5="$F0044,11508805,54272,C:\Users\Admin\AppData\Local\Temp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-6GTF1.tmp\62dca46537a35e01e597d00bf920f30b_JaffaCakes118.tmp
    Filesize

    696KB

    MD5

    8aa8c628f7b7b7f3e96eff00557bd0bf

    SHA1

    9af9cf61707cbba7bf0d7cbed94e8db91aff8bd6

    SHA256

    14d4fa3ea6c3fbf6e9d284de717e73a1ebb5e77f3d5c8c98808e40ade359ea9d

    SHA512

    5e0a4765873684fce159af81310e37b6918c923ccede0c4de0bd1e2e221425109131830cff02e3f910f15b0401ee3b4ae68700b6d29a5e8466f6d4ee1dcd6eeb

    Download Submit

  • memory/4208-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4208-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4208-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4792-10-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4792-14-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download