Overview

overview

10

Static

static

3

d57e692901...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2024 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d57e692901ffb0db41a1da4d1f3f3c74_JaffaCakes118.exe

  • Size

    416KB

  • MD5

    d57e692901ffb0db41a1da4d1f3f3c74

  • SHA1

    74fb0fcfbcfc47efa3c71b15583c7745f29993d9

  • SHA256

    72ea28517572ff859fc968e41724dcbafac4d949f09049a94e9c386384b3f1af

  • SHA512

    751c0fef3fe6eaba672d88fc356286845f4a99e94b1512defdd01900d801b1505bb2b668efe127dc5ce368282dedd8db80ce80e016122740f55f99d2ba94a52a

  • SSDEEP

    6144:+nZ6KuHe4YYA38PTJDHSPL9js2R5snLuzV9BsSv31jym+IymdgZIYPt6f:+ruHFTYZs2zzVEG31m5Iy/uYPt

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 4 IoCs
    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\d57e692901ffb0db41a1da4d1f3f3c74_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d57e692901ffb0db41a1da4d1f3f3c74_JaffaCakes118.exe"
    1⤵
      PID:3556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3556-0-0x000000000046C000-0x00000000004FF000-memory.dmp

      Filesize

      588KB

      Download

    • memory/3556-3-0x0000000000400000-0x00000000004FF000-memory.dmp

      Filesize

      1020KB

      Download

    • memory/3556-2-0x000000000046C000-0x00000000004FF000-memory.dmp

      Filesize

      588KB

      Download

    • memory/3556-1-0x0000000000400000-0x00000000004FF000-memory.dmp

      Filesize

      1020KB

      Download