Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
05/04/2024, 06:59
Static task
static1
Behavioral task
behavioral1
Sample
ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe
-
Size
1.9MB
-
MD5
ccd91aa004bd0edf0a1c56d059c862b8
-
SHA1
41ec97df7f05ed444a71129c1f8ca4db8b995670
-
SHA256
52bcb141f3c89870642651440b67cd2cef5f60acad4d270b7e6383704d50b2f3
-
SHA512
b044c564708b93b5877e4667b22857ae02090f18745313446eb3274e1e52ed123fcf635205f1afe94ef7c1f9350163dfffa877df8130e50ee693c71524b4b7d1
-
SSDEEP
49152:Qoa1taC070dk2N6ygdHrNxk8MsEVDJC836TSgJaW7t5486pd:Qoa1taC0D2N6RZbEV483lgJaCP486D
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
2292 40C8.tmp -
Executes dropped EXE 1 IoCs
pid Process
2292 40C8.tmp -
Loads dropped DLL 1 IoCs
pid Process
2848 ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2848 wrote to memory of 2292 2848 ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe 28
PID 2848 wrote to memory of 2292 2848 ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe 28
PID 2848 wrote to memory of 2292 2848 ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe 28
PID 2848 wrote to memory of 2292 2848 ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\40C8.tmp"C:\Users\Admin\AppData\Local\Temp\40C8.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ccd91aa004bd0edf0a1c56d059c862b8_JaffaCakes118.exe 9026E48A05AB01EF96B3EDEF8EA56EB0948B322776149E0E0819DFF499B65A3B3112C32C34BF797410F48DE3E798B222D489D4B28E31E4E54B9B7C5CBB6F7E952⤵
- Deletes itself
- Executes dropped EXE
PID:2292
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.9MB
MD5
4574c63df7dfe871382872ffb95ce43b
SHA1
1c1ffc488b9fb0cf50f4b38cd5bc65e5b311f832
SHA256
130c4647a5c7e2fb5c2c19f19678d4ba7634334e9aed6ccc566b32e288e1fb22
SHA512
953873f4b7393f78d47992d28e2368def4f13dba454099763bc5c21685b569c32a2aade03e6b7a1bead70a17d36a204f026c9ba8954b9bcdaeb4c36ab3d683d7