Overview

overview

10

Static

static

3

JaffaCakes...20.exe

windows7-x64

10

JaffaCakes...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_c4cc29108ef8565e5251c56047586e20.exe

  • Size

    415KB

  • MD5

    c4cc29108ef8565e5251c56047586e20

  • SHA1

    290a6b8d1d2b745d3a61be322ec9b729d5ba844d

  • SHA256

    ecf1c18fd8e00059f7408f943e96f73aa08839601eec0bc2588fcb3e9c29d137

  • SHA512

    ecdeaf0f4860bfd70ff9378485a3e952e9fb6eafca64c300b0cf24779357350814662f3648804021651a51f4fafd174a69dc796695c45f01c17efae89ca80477

  • SSDEEP

    6144:pryyKsi2/CGBfHYTbILiniQCLZ4jekjEXL6cbr/mgppj3l3s1LOsoYYL2Ta0cI:pryyKsiWrLitCL0Or/VpprlkOsc8a9I

Score
10/10
expirobackdoor

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 4 IoCs
    backdoor

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c4cc29108ef8565e5251c56047586e20.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c4cc29108ef8565e5251c56047586e20.exe"
    1⤵
      PID:348

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/348-0-0x00000000003FB000-0x000000000048E000-memory.dmp

      Filesize

      588KB

      Download

    • memory/348-1-0x00000000003FB000-0x000000000048E000-memory.dmp

      Filesize

      588KB

      Download

    • memory/348-2-0x0000000000390000-0x000000000048E000-memory.dmp

      Filesize

      1016KB

      Download

    • memory/348-3-0x0000000000390000-0x000000000048E000-memory.dmp

      Filesize

      1016KB

      Download