75ffb65008fd09d966362c32a14772d935ce695e5f87b973f6b0d75d4371fb04

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe
Size

232KB
MD5

e8d4de7c0743adc4d46b86084325ef19
SHA1

4cd91a61df25e40141a57302ce6576a66220e03e
SHA256

75ffb65008fd09d966362c32a14772d935ce695e5f87b973f6b0d75d4371fb04
SHA512

ce14326e87abc4d0837fc29fdddbe0a458b1e25c0d7e7af90851f84294826eb835fc609fe866b1beb8f33740fee761e0ad78bec20d86137d77bf7445dbe01566
SSDEEP

3072:ae/z6pTUD6GJG5aPXu8SYe74pm1FmTKMjoJStccKy+VGgkRx+o4M8ndtqh2:awz66iSXDm1FMoJSec4Yg6z8dZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4548	XXWG3Z8VEUQJLZ.EXE
2860	XXWG3Z8W7IA.EXE

Program crash 2 IoCs

pid	pid_target	Process	procid_target
976	2860	WerFault.exe	88
4392	2860	WerFault.exe	88

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe
3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe
4548	XXWG3Z8VEUQJLZ.EXE
4548	XXWG3Z8VEUQJLZ.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2860	XXWG3Z8W7IA.EXE
2860	XXWG3Z8W7IA.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4548	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	84
PID 3696 wrote to memory of 4548	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	84
PID 3696 wrote to memory of 4548	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	84
PID 3696 wrote to memory of 2860	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	88
PID 3696 wrote to memory of 2860	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	88
PID 3696 wrote to memory of 2860	3696	e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e8d4de7c0743adc4d46b86084325ef19_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3696
- C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG3Z8VEUQJLZ.EXE
  "C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG3Z8VEUQJLZ.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG3Z8W7IA.EXE
  "C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG3Z8W7IA.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2860
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 616
    3⤵
    - Program crash
    PID:976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 616
    3⤵
    - Program crash
    PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2860 -ip 2860
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2860 -ip 2860
1⤵
PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\XXWG3Z8W7IA.EXE

Filesize
28KB

MD5
553628c7d0797377d7e881e0cb3a5b1e

SHA1
f0b325f8a6c90851de4cc40156ba2bf00bf9d15e

SHA256
57b140bac168263cd534ef38b0f7af7ac84bd6a3544dc02a27125c7d1924df6c

SHA512
5450874e494b992f6bc4dfdc245c71b820d7864d6a3c7fe972266d3a670f4f564a07bfbb6c74eff2f5999d3c77cc84000895399ca1858e4d74f1069f50a04263

Download Submit
C:\Users\Admin\AppData\Local\Temp\XXWG3Z8VEUQJLZ.EXE

Filesize
232KB

MD5
e8d4de7c0743adc4d46b86084325ef19

SHA1
4cd91a61df25e40141a57302ce6576a66220e03e

SHA256
75ffb65008fd09d966362c32a14772d935ce695e5f87b973f6b0d75d4371fb04

SHA512
ce14326e87abc4d0837fc29fdddbe0a458b1e25c0d7e7af90851f84294826eb835fc609fe866b1beb8f33740fee761e0ad78bec20d86137d77bf7445dbe01566

Download Submit
C:\Users\Admin\Local Settings\Application Data\72283225\tst

Filesize
10B

MD5
859cd8c9815029bfd028febfefa434da

SHA1
740ef1a7562b23cb04927a4bd7745697ef81ef8c

SHA256
3a4641a64867ee0cfe8be7da484f47132e6cd52d0479bb1b3f488f409e878cbd

SHA512
e9a9023db9807d000bb7781b87f1793977020a01543bb7fc4bd3098872217a2be0b53abc2b76c0cd5a0885927302060b37ab46f1f6beb7cff0b99868a11b1ea4

Download Submit
memory/3696-4-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3696-13-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4548-8-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4548-14-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download