31bb6d93584ef88c982f162d60f5362cad7d1bde25a3ac80c9e780b540d5750b

General

Target

eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe
Size

209KB
MD5

eda6d7516fc47ecbfb595ec75ee2c53b
SHA1

a15a1d687d342253ef6c838c5206ccc498a3aeed
SHA256

31bb6d93584ef88c982f162d60f5362cad7d1bde25a3ac80c9e780b540d5750b
SHA512

56e9e1bc1dea2f8c6f0befce11602b9380ecd32cad94a520ce01e191f0f4d291bab5a42eefdcaf7ca168d69774d632c193cf67eaecc592deb2ebe2d1c288bde2
SSDEEP

3072:vld9FjZCzNB3QZ6GYV82USF+uZpsSL4Z44GExrBaKD6mErDJFFx/jx:vld7jkNWw1VeSFtbL4xxlYvx/j

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1676	u.dll
2572	u.dll
2392	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
2272	cmd.exe
2272	cmd.exe
2272	cmd.exe
2272	cmd.exe
2572	u.dll
2572	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2272	2216	eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe	29
PID 2216 wrote to memory of 2272	2216	eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe	29
PID 2216 wrote to memory of 2272	2216	eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe	29
PID 2216 wrote to memory of 2272	2216	eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe	29
PID 2272 wrote to memory of 1676	2272	cmd.exe	30
PID 2272 wrote to memory of 1676	2272	cmd.exe	30
PID 2272 wrote to memory of 1676	2272	cmd.exe	30
PID 2272 wrote to memory of 1676	2272	cmd.exe	30
PID 2272 wrote to memory of 2572	2272	cmd.exe	31
PID 2272 wrote to memory of 2572	2272	cmd.exe	31
PID 2272 wrote to memory of 2572	2272	cmd.exe	31
PID 2272 wrote to memory of 2572	2272	cmd.exe	31
PID 2572 wrote to memory of 2392	2572	u.dll	32
PID 2572 wrote to memory of 2392	2572	u.dll	32
PID 2572 wrote to memory of 2392	2572	u.dll	32
PID 2572 wrote to memory of 2392	2572	u.dll	32
PID 2272 wrote to memory of 2784	2272	cmd.exe	33
PID 2272 wrote to memory of 2784	2272	cmd.exe	33
PID 2272 wrote to memory of 2784	2272	cmd.exe	33
PID 2272 wrote to memory of 2784	2272	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4BB0.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save eda6d7516fc47ecbfb595ec75ee2c53b_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1676
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\65C5.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\65C5.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe65C6.tmp"
      4⤵
      Executes dropped EXE
      PID:2392
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4BB0.tmp\vir.bat

Filesize
1KB

MD5
849feb4a1c3f663000b7d33c6f6d800c

SHA1
eface2a11646ebd6999600bbfc9dc462c04da3e5

SHA256
93f474a45b204de4e078220f91deec6f71423c9a6f1a4ecef471c4b547389861

SHA512
c5338021691c8ef2b66865e86ec4cd428e222a2383405d03c933e7191d81fc1b9d5a340912ac94747d4d9a72e0a589a404104e3834917d12b59ba0262ad32f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe65C6.tmp

Filesize
24KB

MD5
b799e4b3cff5cefeb8355cff4153f617

SHA1
cf39041f0b03033f148329b62c2f593ffb3ce8cc

SHA256
e6f5642d95d82404f0c87ce3b455c662ad247d533cc01b0f454d194b244207c4

SHA512
62e28c9cf91fd311d2dee021062a92eacf482455842a6f835afedfb368d84de089569ae032a37c85c05c4cc20d1e1aeeda2cda6e673fa42e00b80b19974b9f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe65C6.tmp

Filesize
41KB

MD5
2962dfcac22070e3da981e1115397938

SHA1
09a2ddd77cc9265c1c9a3a0b3797ea5007e3bd28

SHA256
d47a5a1f144a7b1a0267ec604f18238419a29402b4ef51f1b2165f346ef88951

SHA512
8efe28ee9ba694a2cc010bb61736de3f7bc190c3656f814a700e9992391a174982fa21f16d24ce1c36876e095f1a76569183cee52048ae22102cac621beb422a

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
03e84bf7ea2eba6e881e868ceefe2526

SHA1
09019ed20cf16847a264f5d1840ee0802f1778a6

SHA256
8b16836b18106d0e8fdbb4b26beefee04479fe219a59cc2a186b68db91fcd832

SHA512
32a47a7b4725f2d71573ad855b0a3bc99b3fa86d70f7b1b60456361bbcd03d37ea58f2b7092c0b6993e156db4ddd66b1d544363523f580a6dd8c055697ec2026

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
3440bddbc77033be1f355bed977b8cbc

SHA1
212003c56c7dc2723ea5bb28ea68f1bc831d7a5b

SHA256
be259c94893ccf628ff672a1301ef428fbb2f02aec5d3f3ef3a5ab20744cdf04

SHA512
ed57f745e5f426466f1ea5bf64f44866c5497a13e7e3f3b828e942b1c8ebb9f7788122908e3d84d89478b6f02456b2d91300362e863a8f2262c653049573d579

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
6f230005d90cca9580deae871194cdf2

SHA1
f1f1b8fa18e21eebc9262f298d5ba348d884d849

SHA256
fd7a77ac86d21c624c2f4c32b568e1b266b532bcd4ee7d4d54d495f7136a0a6f

SHA512
1aae0a9261f04093d9df03b6defb084abed83cd17bb9107656ccef61dc8b0617577590f22bd770004d5e2be875e63c969dabf5fca843d9fe18647660b2a7c865

Download Submit
\Users\Admin\AppData\Local\Temp\65C5.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2216-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2216-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2392-97-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2392-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2572-90-0x0000000001E30000-0x0000000001E64000-memory.dmp

Filesize
208KB

Download
memory/2572-95-0x0000000001E30000-0x0000000001E64000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads