Overview

overview

10

Static

static

3

JaffaCakes...70.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2025 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_869b521cd56896fbdb7ba6afa2ef5a70.exe

  • Size

    432KB

  • MD5

    869b521cd56896fbdb7ba6afa2ef5a70

  • SHA1

    c2f436d739ed55063fa4c619f52f4e5677fec745

  • SHA256

    43630d5d00e27d9517234d80e23bcc1f5e3e703265921ea8271d39c2c7a1d177

  • SHA512

    9bf5427a85641a3ebfb4cdf2386f959680bccddf4ac089a9be63316a332e48fe45fd80613d7d1cb60290d98c6f8c38e2f7346834fc644289c84bd69a6390a433

  • SSDEEP

    12288:SUCmZiC24V2yL2NfTA+3xSUQBTf5G8mErIjlxF44P:YC/VBL2Nb9DP8yxF5

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 4 IoCs
    backdoor
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_869b521cd56896fbdb7ba6afa2ef5a70.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_869b521cd56896fbdb7ba6afa2ef5a70.exe"
    1⤵
      PID:1032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 200
        2⤵
        • Program crash
        PID:4384
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1032 -ip 1032
      1⤵
        PID:4676

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1032-0-0x0000000000670000-0x0000000000704000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1032-1-0x0000000000600000-0x0000000000704000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1032-2-0x0000000000670000-0x0000000000704000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1032-3-0x0000000000600000-0x0000000000704000-memory.dmp

        Filesize

        1.0MB

        Download