Overview

overview

10

Static

static

3

ffd8ad18eb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffd8ad18ebf472bb09a3e25b16232b35_JaffaCakes118.exe

  • Size

    432KB

  • MD5

    ffd8ad18ebf472bb09a3e25b16232b35

  • SHA1

    830723c35f6061a190dc2bb2b175d098d64bc3ac

  • SHA256

    060225dba8b59357f11e1d17419f92a2d3f389a49171057712b5c8b73971739c

  • SHA512

    506d4d764c60a858ec63f8ae084b18e4461a2645e8caa05afa7430f06b523f618cd40c3d20a9861c524c627d07de1e28b7a74724b3405df25874bf0ae62f4dc0

  • SSDEEP

    12288:GUCmZiCTM/cSNwGcK5kBeRL+L/atTuSzX6PBbSqS:kCTHSSGcK5KILJtTuSSB

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 3 IoCs
    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffd8ad18ebf472bb09a3e25b16232b35_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffd8ad18ebf472bb09a3e25b16232b35_JaffaCakes118.exe"
    1⤵
      PID:1736

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1736-0-0x0000000000470000-0x0000000000504000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1736-1-0x0000000000470000-0x0000000000504000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1736-2-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1736-3-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download