Overview

overview

10

Static

static

3

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2025 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_9176ab071ba35a4ff8c40b9f384f90b0.exe

  • Size

    416KB

  • MD5

    9176ab071ba35a4ff8c40b9f384f90b0

  • SHA1

    b8e2e28f7fad66250010c9e7d0f8c0b72e437ded

  • SHA256

    ec6e099f84fbabe87d76bdfd35ddfd5b152a7cfe76b486d51037bb36d85934bb

  • SHA512

    14fda489e409cfbbbb20b5b0147b9b6aa2a2931ce098e27404d5725dc83e16c978d8e777f3ef4c8bba67fc8668a0d55a3a65a73ed4bc47a1081391b6222577e8

  • SSDEEP

    12288:suGaGJ8PJd5cBUvoD+e/i2Nse4UpdQyxTl4KlS+T:s6CoJbcB9i3erxTl4

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

cemnba72.top

morvuy07.top
Attributes
  • payload_url

    http://bojpyv10.top/download.php?file=lv.exe

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9176ab071ba35a4ff8c40b9f384f90b0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9176ab071ba35a4ff8c40b9f384f90b0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    PID:692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\WXEGquysRw\_Files\_Files\RemoveConvertTo.txt
    Filesize

    645KB

    MD5

    47d7b01eaf67bdf7df6e9b5e6e469a5f

    SHA1

    a84dbed0b8f6ec6d339d6ff8f68e9ddb3b2a27e0

    SHA256

    b92b4370492577a94fac21e6946995093ca736d1911bddb97788054f0ab47726

    SHA512

    0105a2a7ccf5e1134479f039354f2f4dedf3065c7e61fe286edaa1bd1b767288a1f20770dcdf6ae2e16464bf1d84ac0b5621f14758810b2265b79505451aec3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WXEGquysRw\_Files\_Information.txt
    Filesize

    1KB

    MD5

    6cdb8bbfe79453350abd94610cbf3b6e

    SHA1

    0aa6b1b200b9954861a947c3934d92229d86ddc1

    SHA256

    96c3da8405b1fc6c2bed50f2f553fc8f8257274323329048321190128c29aa54

    SHA512

    4358bdaf647dbde93a7434761390b24cbee10f72f4ec27a0304f802f667bc903fab24f66ba42cee8793336361100e6f616ec90802e7fa0e36b264a864cbfee41

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WXEGquysRw\_Files\_Information.txt
    Filesize

    7KB

    MD5

    bc44c1a60229fb4853233cd7ebf29e1a

    SHA1

    86e922b105162eb14eba0e4ffc73f7f05cd91ea1

    SHA256

    507ac345588c644165b1c7b5a33124cc6b02addf6199e2d1a44ed2bda6be3efa

    SHA512

    ae88a6ce113a4ac47876d764c84f1666593623bfb9c6f191e4308c1b94c6f64d2474f1b585e6074c2187a4a62ee234bb2aa40e0fcd60ce07042141861af11df4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WXEGquysRw\_Files\_Screen_Desktop.jpeg
    Filesize

    49KB

    MD5

    5319c70d71367dedb7bb0f34606a7902

    SHA1

    648fcdc4ab0608bbc42fc8f739dcb216e2f8e663

    SHA256

    86f9f16f13a17fca24041599475de45d83031b3d50b65350a7fafc8a1a880419

    SHA512

    655db54b9c8e771b928a0f13b987216315c0f832ecf73e50c857f677d9448aaecd042e22793327283a13e74a5fc21d8cae4210c4150fb40494420b3206e6cfed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WXEGquysRw\vDqgttUhjhoT.zip
    Filesize

    689KB

    MD5

    9f4e0e010f1960bb4681c8bdfb2ce8f2

    SHA1

    97c2bb93b3118f303fda9dfc3c458862aafc920c

    SHA256

    4f2345592316adc9c5f8a8a2f01bee68a891dee22257bc2e46b9b62c4766acd9

    SHA512

    7090777c95a204550472209ff71a5d65032af1786e4c497a2effe97cd52c1f4c42c63077c218d29c3483934079c865e792974e0c9c4d3c7b5706428aea690151

    Download Submit

  • memory/692-130-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-136-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-123-0x0000000000810000-0x0000000000910000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/692-126-0x0000000002500000-0x0000000002545000-memory.dmp

    Filesize

    276KB

    Download

  • memory/692-125-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-127-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/692-2-0x0000000002500000-0x0000000002545000-memory.dmp

    Filesize

    276KB

    Download

  • memory/692-1-0x0000000000810000-0x0000000000910000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/692-133-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-3-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/692-139-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-143-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-146-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-149-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-152-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-154-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-158-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-161-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-164-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/692-167-0x0000000000400000-0x0000000000799000-memory.dmp

    Filesize

    3.6MB

    Download