55b708133309478c9bb476a2cf578b1224631d71c31c92edb80bd781077c145d

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe
Size

65KB
MD5

f15f1fb8ab2d6ead112074ae8c23650f
SHA1

99f5a0743dd1af86b5c9be98c832dd1cbd24e0ae
SHA256

55b708133309478c9bb476a2cf578b1224631d71c31c92edb80bd781077c145d
SHA512

408a864a1ad159313250c7ea971dfc14989d0a8b2104a6e02b7b94c503ad2db7c4fee3154c40f32f2c2220d3851692568ea5e94b253004d22014082f162956b0
SSDEEP

1536:FoaAunefL4NUI5nn42pkx+YoUXHRmI4ZGLWHxgNHJWBv5:FbAuGMNUIlnBY/XII40aGpWBR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2872	f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mdmi386.exe	f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mdmi386.exe	f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f15f1fb8ab2d6ead112074ae8c23650f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:2872
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2492
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:3032
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2540
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2700
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        7⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        8⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        9⤵
        
        PID:2864

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2776
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2740
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:2848
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:1920
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2032
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        7⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        8⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        9⤵
        
        PID:596

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:612
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:1996
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:1120
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2832

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2716

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2952
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2712
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:1376
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2808

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:1964
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2240
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:268
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:1280
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2844
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:1900

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2472
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:692
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:1312

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:1536

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:3044
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:1076
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:3016
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2164
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:3004
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2084

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:836
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2384
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:1604
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2492
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2176
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        7⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        8⤵
        
        PID:548
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        9⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        10⤵
        
        PID:572
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        11⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        12⤵
        
        PID:780
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        13⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        14⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        15⤵
        
        PID:2636

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2620
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2880
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:2636
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2856
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2904

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2232
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:1920
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:2064

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2388

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:680

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2716
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:1084
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:2752

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:1348
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2892

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2592

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2892
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2112
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:1540
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2584
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:2308
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        7⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        8⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        9⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        10⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        11⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        12⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        13⤵
        
        PID:3036

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:1012
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2320
- - C:\Windows\SysWOW64\mdmi386.exe
    "mdmi386.exe"
    3⤵
    PID:928
  - - C:\Windows\SysWOW64\mdmi386.exe
      "mdmi386.exe"
      4⤵
      PID:2196
    - - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        5⤵
        
        PID:924
      - C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        6⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        7⤵
        
        PID:344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        8⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        9⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        10⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        11⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        12⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        13⤵
        
        PID:440
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        14⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\mdmi386.exe
        
        "mdmi386.exe"
        15⤵
        
        PID:2160

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:1464
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:2056

C:\Windows\SysWOW64\mdmi386.exe
"mdmi386.exe"
1⤵
PID:2508
- C:\Windows\SysWOW64\mdmi386.exe
  "mdmi386.exe"
  2⤵
  PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\mdmi386.exe

Filesize
65KB

MD5
f15f1fb8ab2d6ead112074ae8c23650f

SHA1
99f5a0743dd1af86b5c9be98c832dd1cbd24e0ae

SHA256
55b708133309478c9bb476a2cf578b1224631d71c31c92edb80bd781077c145d

SHA512
408a864a1ad159313250c7ea971dfc14989d0a8b2104a6e02b7b94c503ad2db7c4fee3154c40f32f2c2220d3851692568ea5e94b253004d22014082f162956b0

Download Submit
memory/796-179-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1312-128-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1356-186-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1392-189-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1496-131-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1516-175-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1640-174-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1920-109-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/1968-119-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2032-110-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2128-165-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2148-137-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2240-120-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2372-158-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2444-69-0x00000000002B0000-0x00000000002E7000-memory.dmp

Filesize
220KB

Download
memory/2444-73-0x00000000002B0000-0x00000000002E7000-memory.dmp

Filesize
220KB

Download
memory/2444-72-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2468-70-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2492-20-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2528-47-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2528-63-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2532-77-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2532-84-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2536-42-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2540-31-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2540-33-0x00000000002F0000-0x0000000000327000-memory.dmp

Filesize
220KB

Download
memory/2584-74-0x00000000001C0000-0x00000000001F7000-memory.dmp

Filesize
220KB

Download
memory/2584-71-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2696-121-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2700-34-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2720-44-0x00000000002D0000-0x0000000000307000-memory.dmp

Filesize
220KB

Download
memory/2720-43-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2740-94-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2776-85-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2776-96-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/2848-100-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2864-66-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2872-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2872-9-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2872-10-0x0000000000360000-0x0000000000397000-memory.dmp

Filesize
220KB

Download
memory/2872-21-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/2872-1-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download
memory/3032-27-0x0000000013140000-0x0000000013174000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads