258514730bb9fc1f9e192895664a3ce0953d1b29d7301c0247d5d72d1d569e3d

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe
Size

208KB
MD5

f008b0de94f1771f7cfd2a5b51a6ff90
SHA1

9904cac611039d8b90913f86576017631f8d80de
SHA256

258514730bb9fc1f9e192895664a3ce0953d1b29d7301c0247d5d72d1d569e3d
SHA512

78494bc569bc45e3d382bfa69dab987cf4377b410be7b81d141c1e339bb3b818d5101bdaaea7fba8abce31bc52579cf5451b8b835e1e1305fdcdbb4f4790c94b
SSDEEP

6144:rl4mjZF//vYdAiwH11XtVPNoguiv1Ihoay6y4EGf1:fr//QdABV1Xt3juC1IhNbDEe1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2600	u.dll
2488	mpress.exe
2924	u.dll

Loads dropped DLL 6 IoCs

pid	Process
1712	cmd.exe
1712	cmd.exe
2600	u.dll
2600	u.dll
1712	cmd.exe
1712	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1712	2188	f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe	29
PID 2188 wrote to memory of 1712	2188	f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe	29
PID 2188 wrote to memory of 1712	2188	f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe	29
PID 2188 wrote to memory of 1712	2188	f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe	29
PID 1712 wrote to memory of 2600	1712	cmd.exe	30
PID 1712 wrote to memory of 2600	1712	cmd.exe	30
PID 1712 wrote to memory of 2600	1712	cmd.exe	30
PID 1712 wrote to memory of 2600	1712	cmd.exe	30
PID 2600 wrote to memory of 2488	2600	u.dll	31
PID 2600 wrote to memory of 2488	2600	u.dll	31
PID 2600 wrote to memory of 2488	2600	u.dll	31
PID 2600 wrote to memory of 2488	2600	u.dll	31
PID 1712 wrote to memory of 2924	1712	cmd.exe	32
PID 1712 wrote to memory of 2924	1712	cmd.exe	32
PID 1712 wrote to memory of 2924	1712	cmd.exe	32
PID 1712 wrote to memory of 2924	1712	cmd.exe	32
PID 1712 wrote to memory of 2796	1712	cmd.exe	33
PID 1712 wrote to memory of 2796	1712	cmd.exe	33
PID 1712 wrote to memory of 2796	1712	cmd.exe	33
PID 1712 wrote to memory of 2796	1712	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\F0E.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save f008b0de94f1771f7cfd2a5b51a6ff90_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\F7B.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\F7B.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exeF7C.tmp"
      4⤵
      Executes dropped EXE
      PID:2488
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2924
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\F0E.tmp\vir.bat

Filesize
1KB

MD5
20ca69bace1bd0aa4cc2af821fd4f54e

SHA1
032ac8a184df61a0adad4d13f42472ae4c7c7860

SHA256
64cd7802b4c7e5f32d8e59d46aa8f98824b16f3cf5fb47be12aa8b38c19a7599

SHA512
054f4868c615651789e74aa793b25737a8b5dfe4439a43a120b2dc2bc0c3e155d0a15ad1868c7e685b3a0d6e2559c9798e89eeaeed025c39ab0a0c2b10f31fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\F7B.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe10B4.tmp

Filesize
41KB

MD5
9cdcf02f847ddde1f3b62c676c5cc737

SHA1
1e28bc7716cb6adb55b1b397dbabbe31adba3cf2

SHA256
d7726cc05bcd788912a23fc85f233775da28cb0d4d2920c2be66e5cc69e2b7ae

SHA512
438303dceafa36ac40271d6b7759248357109cc479a53dd4eb472ab35d51f333f629be2da54fc113bcdcf2bb4bdf4201b5075351842d20d7e818c80a31b88e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeF7C.tmp

Filesize
41KB

MD5
1e97c3f7a2966be350cc20c25181fc3f

SHA1
dbbb7f881897311a47468e37683a0f233ee3b165

SHA256
3434ea33f48fb593d6e29fe0fc8382a24f36c06eda802137695e4ebec6f85ced

SHA512
280029401e9c644ac2da463ec7b88a4b588efd3eba5acddb094ce1cdc38a340b2d3f2dc918e9297826941c059ee9ee0ed590b56a6e18c61687d1470f90cb1b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeF7C.tmp

Filesize
41KB

MD5
3623841fcdda5669e51832647ec3394c

SHA1
c4ecea9fe339b985e5e8ddff8a88a686a7ba0c2c

SHA256
452f69d9b869dbfb2ff8ec45f570556336581389f9990117adaa21be763c806f

SHA512
d571c896a09807f017b8202ca81dca175eb7ef4145386644e93b6e94ec6f91a9f9974a00e041b668a3d6a301a5a8e931754025accb0e9d62f70005eb9ff13c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeF7C.tmp

Filesize
24KB

MD5
c8272109914e4e261213f5c61f16abf0

SHA1
a3dcd33092130b2bcac679300c2ea811d8bfe57b

SHA256
b125345f484aced7dad43a77918c4385e66d440254403f9fa07375adad84d4dd

SHA512
a929d5dbc9e857623aaa13a67164b5dff75fcf83b104cc9dcd28e08ecbe9a6724be65cfd87073143d40affb7a1fcc6e2db4e14c8e36669f5385c3cb279ffb179

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
ac3e2f16df5b8e004bc7528957957c95

SHA1
318dfb96abdc8e9d3778788dfdbb1f3dba885fba

SHA256
c53ac431faed8f5ab7c67b254f913efe0dceaafdbf26b02b930d07f45d840fe2

SHA512
4c60d3b255c38807a104e4362493dbf651fb8893633e94ee9a4c69770773f8d7bf95d310051154b9bd74d6eb1993626a5eb107e74e891d681f0398c64a7ebaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
efa1b602b937edee99ec6718693b6691

SHA1
e4fe3699b1ed24bca81e87014f7bc7237becaf85

SHA256
c6c87a69578fce55f702e2f7beee3bb01a94e7a0e577daefc1a9bdbf23723124

SHA512
4201587d2dab2fe16d08125a9ecf7b458540d0eb1d3124611668cc0933f9be148fe1953c15e846222ad937b9c2a768df5fa86ee974fac579540f35e478832309

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7bab57cf68ec8b5eb3bc7397a3915ff1

SHA1
85c4f9b51d9e03b53d8c04e93f84bdff89a811f8

SHA256
979344d0a3cd449f5766d5215bf6b1e3023cb3acd43c5eff1a4905e5d628eee4

SHA512
91fe2430a8f4ab18e86291e5063cd7e71648895a06b15034789e5e9656bede9b66a96a62b85322f2880e502a90b14dd4908dd2b2547b2519c40dac94b0330946

Download Submit
memory/2188-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2188-112-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2488-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2488-68-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-61-0x0000000001E20000-0x0000000001E54000-memory.dmp

Filesize
208KB

Download
memory/2600-66-0x0000000001E20000-0x0000000001E54000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads