1c26508e491569545e3d93524bf4a80d688424d1555081c6119ee86e2ef1069c

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe
Size

463KB
MD5

ec8be2b57ad724be84948b44e99df78e
SHA1

26c8b3a34958bc686617fad33295dc96e87ba394
SHA256

1c26508e491569545e3d93524bf4a80d688424d1555081c6119ee86e2ef1069c
SHA512

e8f18926d61d18f111e65127dd0a0a53099cb96b2b77834d801ce612eb75f3dce3b02bd6a29d1feb1a54c9400e11da39f4ba993c08dab862c35920eec7c82585
SSDEEP

12288:QuXuk4tGSUpuUulJbl3PQhlDviRP8GshyvdTSF:Td4HUpuUulJJ3PQhURPBscVe

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2228 set thread context of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	2088	WerFault.exe	28

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28
PID 2228 wrote to memory of 2088	2228	ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec8be2b57ad724be84948b44e99df78e_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\explorer.exe
  explorer.exe
  2⤵
  PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 288
    3⤵
    - Program crash
    PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-1-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-2-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-4-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-3-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-5-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-6-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-7-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-8-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-9-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-10-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-11-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-12-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-13-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-15-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-14-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-16-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-17-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-18-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-19-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-20-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-21-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-22-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-23-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-24-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-25-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-26-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-27-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-28-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-29-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-30-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-31-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-32-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-33-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-34-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-35-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-36-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-37-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-38-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-39-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-40-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-41-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-42-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-43-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-44-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-45-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-46-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-47-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-48-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-49-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-50-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-51-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-52-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-53-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-54-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-55-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-58-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-57-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-56-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-59-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-62-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-61-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-60-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-63-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2088-4478-0x0000000000DE0000-0x0000000000E23000-memory.dmp

Filesize
268KB

Download
memory/2228-0-0x0000000000250000-0x000000000028F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads