expiro | 1cf81c9f8b9bd7c484a6b477c43c92602321a9d151aed6ba7eae91c0275ecba6 | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 22:26

Sharing

Report Analysis Logs

General

Target

JaffaCakes118_3df4852dd4a8355906666870fbd5e99b.exe
Size

432KB
MD5

3df4852dd4a8355906666870fbd5e99b
SHA1

1100ded13df02e5f3fa09721321e873ac961ce4d
SHA256

1cf81c9f8b9bd7c484a6b477c43c92602321a9d151aed6ba7eae91c0275ecba6
SHA512

28ae8dac07d24b29b8284491f22a10bc9c1044ace7569440a886c2cc583685e67d19c382670552a7d798b5e534039132d97b4576b76298c907e050a30b45b4fc
SSDEEP

12288:PUCmZiCq5duzyJUTdMlgumcvQsFebzt6:BCVQY5zt6

Score

10^/10

expiro backdoor

Malware Config

Signatures

Expiro family
expiro
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
backdoor expiro

Expiro payload 3 IoCs

resource	yara_rule
behavioral1/memory/512-0-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/512-1-0x0000000000400000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/512-2-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3df4852dd4a8355906666870fbd5e99b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3df4852dd4a8355906666870fbd5e99b.exe"
1⤵
PID:512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/512-0-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download
memory/512-1-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/512-2-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download