Analysis

  • max time kernel
    133s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-08-2024 06:46

General

  • Target

    cc60e8d3a2fcc7bd5e26e1e738586079_JaffaCakes118.exe

  • Size

    432KB

  • MD5

    cc60e8d3a2fcc7bd5e26e1e738586079

  • SHA1

    73ff3fce9db4241f2e3fdaa4f3bad6eb6cd11a01

  • SHA256

    0128733574f1262d2479e390a6fd6b7c731341a139b3cb4c0e7249136f619e95

  • SHA512

    b1506fe9b32badf59969020d371f4d617b8a802f19b09b9eaeb40190915e82a47adf960bf8f23a9c3a436a47b403287bdce93b0a6dc11fdad7b97fec05aa6e51

  • SSDEEP

    6144:ZFUCmZqoFWC6xyoNf015ZJPvqg44Dc03k8jlZmpMDNKNcsCYPQtNq0X8WGtbJCxG:LUCmZiCdop01DJx44DcwZrKdCY4/L58

Score
10/10

Malware Config

Signatures

  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

  • Expiro payload 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc60e8d3a2fcc7bd5e26e1e738586079_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cc60e8d3a2fcc7bd5e26e1e738586079_JaffaCakes118.exe"
    1⤵
      PID:4580

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4580-0-0x0000000000470000-0x0000000000504000-memory.dmp

      Filesize

      592KB

    • memory/4580-1-0x0000000000470000-0x0000000000504000-memory.dmp

      Filesize

      592KB

    • memory/4580-2-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

    • memory/4580-3-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB