Overview

overview

7

Static

static

3

c16366b111...18.exe

windows7-x64

7

c16366b111...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c16366b111c68e8de2dbf866275adf68_JaffaCakes118.exe

  • Size

    79KB

  • MD5

    c16366b111c68e8de2dbf866275adf68

  • SHA1

    514aa7c8566ee0507042053366daae15e844cf9d

  • SHA256

    7430b17a751156d93d59258ee1e5f96dd2f11a15690cad878830305abbaf66fa

  • SHA512

    368758c8d5a275540b3384234d87215496506dcf43be896f073060fcbcee5bfde79f7d620e9a64cd49ae92d22ed6b4447a6c5917bf015af54e2b9de64604b428

  • SSDEEP

    1536:ZGt0BYT++OjQNnXfNiPFBQhxZjsGG/F1Cgsthd8ZfiypI:ZHBj+OjQN1iIFGbCjvl5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c16366b111c68e8de2dbf866275adf68_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c16366b111c68e8de2dbf866275adf68_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\bla.exe
      bla.exe
      2⤵
      • Executes dropped EXE
      PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bla.exe
    Filesize

    31KB

    MD5

    bee18b96d0bc0b243cc89c9f8d87767b

    SHA1

    21039d617e9c12b9807c8e0ddf889b69345caf11

    SHA256

    583559f2325dbdd84e21b4156ea5039c098645437f70db6dffe3fbd742db83f8

    SHA512

    67e57d1a7e326d6cae63a65306d17a5339f993e61a829bd032940c0b7b01eecca099b2aa8146fab8ad4845335e6bf41ea6792dcc776141e2caa27efb6a944d3f

    Download Submit

  • memory/1872-0-0x000007FEF649E000-0x000007FEF649F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1872-1-0x000007FEF61E0000-0x000007FEF6B7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1872-2-0x000007FEF61E0000-0x000007FEF6B7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1872-4-0x000007FEF61E0000-0x000007FEF6B7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1872-11-0x000007FEF649E000-0x000007FEF649F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1872-12-0x000007FEF61E0000-0x000007FEF6B7D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2400-10-0x0000000000400000-0x0000000000408960-memory.dmp

    Filesize

    34KB

    Download