c4fe7e42dc1ea441e5e53c0d717d64ca24292b84278bcca899aec0fb477b0c7b

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
Size

18.3MB
MD5

ebf41f4b5e770958b1dd11e2fb9c29f0
SHA1

0607bbea949889444d54a637acaa04a7c1a8c3ea
SHA256

c4fe7e42dc1ea441e5e53c0d717d64ca24292b84278bcca899aec0fb477b0c7b
SHA512

4d79ae7e52303a4ab9dd79459ae26554c77953c68fc1eaab50c54a5ce9f9f3153fa76320c3f1db7b6887150db9acc404039438d5bfcb765f0c15f07da1615f5b
SSDEEP

98304:EcKHfr5zfMfb5zfMXfr5zfMfb5zrMXfr5zfMmr5zv:Ev

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1508	ffad.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1508	ffad.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1508	ffad.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1508	ffad.exe
1508	ffad.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 1508	1896	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	86
PID 1896 wrote to memory of 1508	1896	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	86
PID 1896 wrote to memory of 1508	1896	ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Users\Admin\AppData\Local\Temp\ffad.exe
  C:\Users\Admin\AppData\Local\Temp\ffad.exe -run C:\Users\Admin\AppData\Local\Temp\ebf41f4b5e770958b1dd11e2fb9c29f0_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ffad.exe

Filesize
22.1MB

MD5
fb2fc52de71f832c46b71cb58b7f19f8

SHA1
3793de041168033897c83d5c758d5e3053909418

SHA256
8b7abfda15c09a98ae743781c0f4065851f89d41aacca3537077cd32b7f1f725

SHA512
e0ff1c6aa0dfb168f62cc26cc8f9c99beeff439989e1b2e15429d9f8d14184762cd8746f4d87a5fffc5db165027c6c6bb0850ba0ad19e7a93866cb2846d33f7d

Download Submit
memory/1508-91-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1508-68-0x0000000002080000-0x00000000020D0000-memory.dmp

Filesize
320KB

Download
memory/1508-67-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-66-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-64-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-65-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-61-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-63-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-62-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-60-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-57-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-59-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-58-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-55-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-56-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-54-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-53-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-52-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-51-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-50-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-49-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-48-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-46-0x0000000002C50000-0x0000000002C56000-memory.dmp

Filesize
24KB

Download
memory/1508-47-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1508-45-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/1508-44-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-14-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1896-28-0x0000000002D50000-0x0000000002D56000-memory.dmp

Filesize
24KB

Download
memory/1896-31-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-30-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-32-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-34-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-33-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-7-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/1896-40-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1896-41-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-42-0x0000000002340000-0x0000000002390000-memory.dmp

Filesize
320KB

Download
memory/1896-43-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-8-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1896-39-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-35-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-29-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1896-12-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1896-13-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1896-26-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/1896-6-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1896-27-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1896-25-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1896-24-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/1896-22-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1896-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1896-21-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1896-19-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1896-20-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1896-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1896-15-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1896-16-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1896-17-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/1896-9-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/1896-10-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/1896-11-0x0000000002D60000-0x0000000002D62000-memory.dmp

Filesize
8KB

Download
memory/1896-5-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1896-4-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1896-3-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/1896-2-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1896-1-0x0000000002340000-0x0000000002390000-memory.dmp

Filesize
320KB

Download