291cc92f3e45cc12cc33e22157101249541252762f3af8c8d7e846ef7ccc2208

Analysis

max time kernel
142s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 00:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe
Size

209KB
MD5

f2456dc73cd64b0c4ff9917b3374f829
SHA1

fde7e37098c5abd86117310cf20d7f4c29fc1167
SHA256

291cc92f3e45cc12cc33e22157101249541252762f3af8c8d7e846ef7ccc2208
SHA512

cf90f108690e7ea410890d5b43b1d84ad708850639b9190b4b18fc29cf30482efff8a945f40316da93863079f45ae53c87b7dee3ad6430fda046b5f323e0221f
SSDEEP

6144:jljUtzRYieS5WiiJ8ElyV3L4bf8s+YYVdz5:5IW3S+qlmkXz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3036	u.dll
2384	mpress.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 556	1976	f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe	85
PID 1976 wrote to memory of 556	1976	f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe	85
PID 1976 wrote to memory of 556	1976	f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe	85
PID 556 wrote to memory of 3036	556	cmd.exe	86
PID 556 wrote to memory of 3036	556	cmd.exe	86
PID 556 wrote to memory of 3036	556	cmd.exe	86
PID 3036 wrote to memory of 2384	3036	u.dll	89
PID 3036 wrote to memory of 2384	3036	u.dll	89
PID 3036 wrote to memory of 2384	3036	u.dll	89

C:\Users\Admin\AppData\Local\Temp\f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\52B4.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save f2456dc73cd64b0c4ff9917b3374f829_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\53FC.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\53FC.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe540C.tmp"
      4⤵
      Executes dropped EXE
      PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\52B4.tmp\vir.bat

Filesize
2KB

MD5
11b313c5b61a3e2c301a123bd31a127b

SHA1
c4198556d23141acf39c5d47337606b6a63b72bd

SHA256
c86499570309c3db8bd4ea87f230be4ed05690d5a3b55d4fcb732a1648050e89

SHA512
efca0d643344416027ff1755251c1ef44f029391f89ac9c6755ba5515445fbcedb1c5f82c65d77e0fcbea8c23b02c17a53a32940f4aef5739562f87a5effe5b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\53FC.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe540C.tmp

Filesize
41KB

MD5
6b63a5a37152857350247758d2dfe9be

SHA1
51640d9a733fa2c237899b02ac4a87d68485eda6

SHA256
d6814046a2bde97fa032b76d4e840db83d0123f40e21ed2fd6e78525b026cf30

SHA512
e566b87baae2b388c85ec9aa15d440783b3c62b572d7c6f0d29619c8998e0860877776fffa394658a9c80aac359fee28b71b62e33123f7763a67619c56ba4908

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr5582.tmp

Filesize
24KB

MD5
0135fe3bdfb0d0dc94e196ab273ee41a

SHA1
85352276d3ea6a5cd905bdc3c75dd6da382573e6

SHA256
99bb41ac2ba5d9180b24242fcdb1ca0ec03e2fcfe5f4d9c0ff28d4313420beba

SHA512
2f4e1f7dad79279446cb6b03025ccf165b20bf21aaa52707aceec4d956fab5882ed9a5668c831394b342deebff12c804d86ca842017090e9ea7126f45c71295d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3cb128d406e21ddc1da721eb64c63b0a

SHA1
6cec94de477c90c28c4224c807f5f1c082b63f29

SHA256
8ef3f2f1bf7bc61acd333a1260fcbf013254f9533cf39ff0c784117fb90c73c7

SHA512
c17f09bd2f80c2a3545cd8947e867af010d667872fc7d0655b4cfb4308ad76116b557aaad06f465ace94138f51a1f2c9daf03698c40388e0a22eee77731c4e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
c0cc2ab678fee6ba29b587bab25b30fd

SHA1
9af502cf02dd6a60efb69a8768cb59067d33802c

SHA256
5f4295cfbb018ddec7b9f9c6337ed73e537727c6f16b57335d7ead7e89cfc0ed

SHA512
b7379176f7fa4db5fe91bd3f42ff5b17aacec0e6341187531d8ae1ab6d228239edbbf6143356e83128b9a50addebd0a5ed0ddf21802f3f3422c5a8a057f4af90

Download Submit
memory/1976-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1976-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1976-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2384-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2384-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads