Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
15/04/2024, 20:53
Static task
static1
Behavioral task
behavioral1
Sample
f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe
-
Size
3.5MB
-
MD5
f1e70ce4621aeefd0ae9ad631686b1f0
-
SHA1
5404481627cd85342cee4875e094ba805332ad17
-
SHA256
2be4ad7322f8a48051cc91b96db389c330188748f4efb13e22f83820519fcd84
-
SHA512
1a7079591991ea7cbee52cc0aebbac27efa07aac17fd4724dcc846d3e7f3d46728953ca5d110b24fbb5e600ddb1cd10686809d58f373e96b0faf5b7013b334d3
-
SSDEEP
98304:I/qAVy4a/KMtcQmmYK9zKAc0MymmYK9zK:xvzTmmYK9+AcdymmYK9+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2316 12D5.tmp -
Loads dropped DLL 1 IoCs
pid Process 2872 f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2872 wrote to memory of 2316 2872 f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 28
PID 2872 wrote to memory of 2316 2872 f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 28
PID 2872 wrote to memory of 2316 2872 f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 28
PID 2872 wrote to memory of 2316 2872 f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Users\Admin\AppData\Local\Temp\12D5.tmp "C:\Users\Admin\AppData\Local\Temp\12D5.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f1e70ce4621aeefd0ae9ad631686b1f0_JaffaCakes118.exe 9A25F69A22BBB5DBB87AFCCB2F42D1099E1749F71042D018AE12329C87CF0264F786586A3D163101058EAA19D8DF9A1324BE10EF3DCEAE80988D9E5563C3CE49 2⤵
- Executes dropped EXE
PID:2316
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
3.5MB
MD5 835e4bab5c337cc75924e00ad16e7016
SHA1 87eb382245dcd3ce9da670768332554fcd5c7373
SHA256 9aafcfc4ad18a9b31dc15d6b69884368ea1485beb61bebafe8740a74395b0317
SHA512 df7de3ae69042321ce06764a5c3c20b7c6ac9fc511d43497e07ba6eff098ad515afbf0cb5ef6eb4c938094ab1de43aec351ab6869f650bc2ac4ba16776950175