0f4d5bb463842b7dd1afbdf8701db2cd1b0d430e986feefa65467175a3203caa

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe
Size

5.0MB
MD5

e9c8b530ae17f738b801cbf35ae3e675
SHA1

4ed1ff7bea59d75cf75a3faca9f009431a7b9f88
SHA256

0f4d5bb463842b7dd1afbdf8701db2cd1b0d430e986feefa65467175a3203caa
SHA512

3d17dda5015c0f8b49089f7aaefc9e2929980619ba604ba9ae6afe67b184d5bd201c2a8154732d92e181054fe2635b63d4bf7497ad86c6de66780b35ee877c5e
SSDEEP

98304:U8tYEj1rkJg+3U7cSBvuL2IBPzmK4beKzC5t2vqCA4R3/VdlHjI/VWi:VSv/SBInySKC5USn4NfM/VX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2484	setup.exe
4212	setup.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2484	4816	e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe	91
PID 4816 wrote to memory of 2484	4816	e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe	91
PID 4816 wrote to memory of 2484	4816	e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe	91
PID 2484 wrote to memory of 4212	2484	setup.exe	94
PID 2484 wrote to memory of 4212	2484	setup.exe	94
PID 2484 wrote to memory of 4212	2484	setup.exe	94

C:\Users\Admin\AppData\Local\Temp\e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9c8b530ae17f738b801cbf35ae3e675_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\_sb335.dir\setup.exe
  C:\Users\Admin\AppData\Local\Temp\_sb335.dir\setup.exe /f /sourcepath "C:\Users\Admin\AppData\Local\Temp\"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\_sb317.dir\setup.exe
    C:\Users\Admin\AppData\Local\Temp\_sb317.dir\setup.exe "C:\Users\Admin\AppData\Local\Temp\_sb335.dir\" /sourcepath "C:\Users\Admin\AppData\Local\Temp\_sb335.dir\" /SelLan 0409 "CheckId:SetupBuilder Professional 1.5.0001"
    3⤵
    - Executes dropped EXE
    PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_sb317.dir\Setup.exe

Filesize
245KB

MD5
6a4179b0e3815cb78ac459826b9fc54e

SHA1
32f7dc191292c1731515e99f629bb192e3f64d71

SHA256
05dafe711e71980e1170c455ecc327bc2ab5626be3beb879c56231c0cb2dd83f

SHA512
efc665055a3caadc0b98e90d6e64acfa2509829d1b0729266ccf2adecc54863d2abb8d31792c582b527d9048e649910665ff37ccc2c8fda15fe7459dd152c164

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb335.dir\Setup.exe

Filesize
154KB

MD5
94dbe0e05db59d56c743f87d58184cf2

SHA1
eeccac06d5125384403b79b62e8ad0b796cdf8e0

SHA256
a3a0d80a90794b30f58390c8fc91f3f2990a675cab6661ad9816a02bb3bb39cb

SHA512
029f7a6adcfdecd9aa75844a00129d8a3fe7a3706aa5329d762730287e4b0dccff7b636c63dec5cdfab6a2bd811b05b94f399c31cf7b5ff3ecb67f2fdb7984c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb335.dir\Setup.ins

Filesize
8KB

MD5
ab5b2f7be04de357a972dd04bc0be65f

SHA1
d4c24b073d38361feb0dc0e30bcb9160952d9856

SHA256
5551d727dc7ed4bedb6c6f36a67f78290e290620a8209335557a98bc014daf64

SHA512
fa50afa879ca81541be40fc8aca5de1998c573578f75038c5c60e55ea971b5976e04d88fe265053d884684896b52c2f2ce776f3c4c3878e720137bee7f84dafe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb335.dir\_SETUP.LIB

Filesize
30KB

MD5
9b4c0c69ca8c77192a13916002930e1b

SHA1
cffac5c58d0b0ebb830e722c93a1edc86c977865

SHA256
6ea87fb69ec0d61e23883a781ad9eb54624a8245030f6b148ee8e22de2fb8a17

SHA512
aea58ff41e4627cd569ca06b06229c9f21b9456c90e0492fc0d0c573ffd24e0bf168aba98db3060557c32fb6947840cd9b44bbbafc75ea0684d1b96151cd5c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb335.dir\_Setup.z

Filesize
265KB

MD5
4e82dc7820f6d433dc0fd412a0726b6b

SHA1
9cfffdd064fca8f98a96c19d260310e636087b68

SHA256
c833d583f32d7140d6b7799ab100b5600591ff8411f3d6056937fa5be9f1638d

SHA512
31eedd539537e31378ea816d7584988975bc824843bfa71866c9dfcc57caa938bfebc0bb81c2da3419f7584e9510a211d7bed6c00c8abff80f750457afbd245c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_sb335.dir\_setup.lst

Filesize
1KB

MD5
a94748ef91c56b3bb19690349126bd1f

SHA1
138df0917112c284abe095b670514acf8baff134

SHA256
9a5881c3e2cf3022253bb73710a0a0dc97fdcccdcfc34bcc04d592c9af09b1e3

SHA512
38732f462ca2365fbca0a323c855493660760f5c62ea7834f434bd0dd1ddab5210dc3718cea36cd136b6a46ed5863699e107f2e893df842297414d2b0fc19dbb

Download Submit
memory/2484-14-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2484-31-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/4212-26-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/4212-27-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4816-0-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4816-10-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4816-36-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads