Analysis
max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted
05-04-2024 10:49
Static task
static1
Behavioral task
behavioral1
Sample
d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target
d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe
Size
1.9MB
MD5
d1a98e1c8bb8947e2e4cc213b43ba41b
SHA1
8702c3201b418416e1db20f2dfad51d06c13db83
SHA256
090ecf1c43f63f7e27d5343bbf983c2f0f56cc709ca0077b1f17e69ef7f93779
SHA512
d98ec35d5a51b041f795ef43923853ffa8543ec65a6bf049d48e91a7e6193e35b5896bd6bc35427cfac191c56a472aeb2128e4c76e944a205275311bbf5c64fa
SSDEEP
49152:Qoa1taC070d/yLS/7dnYIgAyPORMO1fNq:Qoa1taC0AyO/7d6Aw8M
Malware Config
Signatures
Deletes itself 1 IoCs
pid Process
2964 144C.tmp
Executes dropped EXE 1 IoCs
pid Process
2964 144C.tmp
Loads dropped DLL 1 IoCs
pid Process
1776 d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1776 wrote to memory of 2964 1776 d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe 28
PID 1776 wrote to memory of 2964 1776 d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe 28
PID 1776 wrote to memory of 2964 1776 d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe 28
PID 1776 wrote to memory of 2964 1776 d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe 28
Processes
C:\Users\Admin\AppData\Local\Temp\d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1776
C:\Users\Admin\AppData\Local\Temp\144C.tmp
"C:\Users\Admin\AppData\Local\Temp\144C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d1a98e1c8bb8947e2e4cc213b43ba41b_JaffaCakes118.exe 1437DEC96EF400506CDB42B3A31141BE7B0D16FCB09F4ABCD49BA969BC2C5861AC04D5C1324ACABE2B8EF415AB5ACE282ABB4727D5F3C7F9264AAFB2D4ABCD7F
- Deletes itself
- Executes dropped EXE
PID:2964
Network
MITRE ATT&CK Matrix
Downloads
Filesize
1.9MB
MD5
1073c8fba5d1cfb4ba749eb073ba0f31
SHA1
045404dbd4c3074433379e6623084181bbc1b9bb
SHA256
89a6b1c0aa4b675cee2b1af02628ffaaa0fe7ce023aeb60196f9e4bfb4ca22c7
SHA512
abd86c150284dba6647ebdcb00aae5fd102168ae1e6841f9f5876093f8f310d5af3bba52c789b57a90b78f0ed3331e36200a7e2046f482c1ac4a69ea5015284d