670c1b5d2893459c73d40107b8fd85f9a2f1ffea54ff5f055c5129fd5e0f4a06

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe
Size

209KB
MD5

f575bba7a6765bb9b6e0710cc32043fa
SHA1

b38b27bcaaa84d2f48b866e1a7642224d9d63275
SHA256

670c1b5d2893459c73d40107b8fd85f9a2f1ffea54ff5f055c5129fd5e0f4a06
SHA512

f69f5584ece17b37c1987395a8657ce49ef79aca0eba0fc421db115ea0f7446d6d8baed39706fb566bb93a0ff018a89a948dc5e07d96a12cb4140549e749e093
SSDEEP

3072:0lV+n6auFQL9HmIjU/2R5ZQeJvJWxywEPNJ0bXg1yV/Bp/TQ+cE+OiGK7jOR5eN:0l0n6auO9w/WBJEyw13V/PrQa+Hr7LN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3016	u.dll
2696	mpress.exe
2872	u.dll

Loads dropped DLL 6 IoCs

pid	Process
2888	cmd.exe
2888	cmd.exe
3016	u.dll
3016	u.dll
2888	cmd.exe
2888	cmd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2888	2840	f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe	29
PID 2840 wrote to memory of 2888	2840	f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe	29
PID 2840 wrote to memory of 2888	2840	f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe	29
PID 2840 wrote to memory of 2888	2840	f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe	29
PID 2888 wrote to memory of 3016	2888	cmd.exe	30
PID 2888 wrote to memory of 3016	2888	cmd.exe	30
PID 2888 wrote to memory of 3016	2888	cmd.exe	30
PID 2888 wrote to memory of 3016	2888	cmd.exe	30
PID 3016 wrote to memory of 2696	3016	u.dll	31
PID 3016 wrote to memory of 2696	3016	u.dll	31
PID 3016 wrote to memory of 2696	3016	u.dll	31
PID 3016 wrote to memory of 2696	3016	u.dll	31
PID 2888 wrote to memory of 2872	2888	cmd.exe	32
PID 2888 wrote to memory of 2872	2888	cmd.exe	32
PID 2888 wrote to memory of 2872	2888	cmd.exe	32
PID 2888 wrote to memory of 2872	2888	cmd.exe	32
PID 2888 wrote to memory of 572	2888	cmd.exe	33
PID 2888 wrote to memory of 572	2888	cmd.exe	33
PID 2888 wrote to memory of 572	2888	cmd.exe	33
PID 2888 wrote to memory of 572	2888	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\52E1.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save f575bba7a6765bb9b6e0710cc32043fa_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\54C4.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\54C4.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe54C5.tmp"
      4⤵
      Executes dropped EXE
      PID:2696
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2872
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\52E1.tmp\vir.bat

Filesize
1KB

MD5
d40f29cc03be6f230c58e69554166515

SHA1
b94a793e3a01442907b05287af05c1a610c191cc

SHA256
66cc7a01e1951bd7d99b630ec8c763305bddbb2a23b1c3efbf10baea02da860b

SHA512
2e16c0f6c9f898f68fec44be08c56db22412b84d1199122d4a779872d23d619af7eb0bc5d40f6f2eef9424e37813c156eca67af9b24dad1274ad2cc484ca46a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe54C5.tmp

Filesize
41KB

MD5
71ce3645ecf4a753408f77c5a8bad638

SHA1
9b8252af055414bb69e5ce0f1826066c27c0d63e

SHA256
75e8f3a8df737002f0d4be1064a96490ca1c56148ea69781abaaa6299eff9b21

SHA512
79a8d69275afc627a9102e62f05d3867ef013a11c174dd4981fe31494d3f6e127032fdcc92fae99aaac2a485a6acdf0d7fdf6df120c53a024740ff1786f51c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe54C5.tmp

Filesize
741KB

MD5
cd0bf0038de3a347240791f669197da5

SHA1
0f074a6481b0ca7e31c3c3eef5020dfccef5af8d

SHA256
9a7cb94d3408a4406c4f76f58b5580aa8e916979f5d0a4b5f36d0f02e8119fb4

SHA512
d10c393a98b3e5139e31132e93b4efbc046c814c1222e8b768004cc7df45f2ec8e9e0417efdd7c216ba5a6946aa3b72af2f13ad75a27f1edf888ef7036921448

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe54C5.tmp

Filesize
207KB

MD5
6a49480e106e267a9a4697e982b6c245

SHA1
21aba0ff157fdd0f4ab31ccb9e709a6cbbc13035

SHA256
da8d430bdc11975821ac3b5c950db54d821fbcc8c5cdb77758dd5e6bbae768b3

SHA512
a8ee4b2b7b06832ae842faba953919fc6e8dadd9c9a42298ab1aa301b4d8e5e40b9350411cdc3bc861fe6735ce52ce1448a21a0a7b79ac9f31838a8518b94dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5800.tmp

Filesize
41KB

MD5
7aa367dca7be65e07b16bd69f06263e3

SHA1
d447739251408f8e8490a9d307927bfbe41737ce

SHA256
738bf50547320b0683af727ad6d430f2e7b83c846fe24f91527b7ee263bfa076

SHA512
d7884589d7d12a628c9e07b77b3b793fa91f67fe13563e7b072ca864e053e6b7d711852e30ae1c877576b8ad47f67d2826e8ee711e6b65a329baa57492fe31b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
3c9568b0d86a865f9f73d9c0967cfdad

SHA1
3270df3e0e600f4df2c3cbc384837693a8a3a83e

SHA256
c7b97a001b39e17382e929aad924555f3d21886b86aed38cffd660490801d1d6

SHA512
bd423d1d57823b1bf6db42aeec199aa93178a9317ead85b42b60e091aaf4f73ce721bc07fda4750e112c4dccb9d87e21d5793965da9d6e92b0c5bed92c26876f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
c9e5d95dce44a67aec81c0c637c9d227

SHA1
92e87f2adc80919b240de40ad5348a8653184605

SHA256
2220bfe359107caf9651719a41b45cd10715c1572ef3c65ee926b21e265d9fda

SHA512
ae1a716c2440786d07bacf8d739c99e9057cf167a0e2f44b6c76e5fccaccd693b4be31bf5df12d8912f78806ce687d4af57b1f8d3f8a37b2cd6a2804d5edc048

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
ec30c703ac74f3114dbcac8a84d05485

SHA1
0c655359d8699b23850879295fe55129827abe08

SHA256
3b810aaac800c79dce5aa2f7ef8105bb117ee7d0b5bf320116c2bcd53838fe37

SHA512
5113ed6f7cce14098fed5f794300ad1d62b6a385784b5c3cc254cbea96254c9945f915cadcb26cf8bc973c5a5b620834433fe725f3ff5bc0f3aa4c846c118d41

Download Submit
\Users\Admin\AppData\Local\Temp\54C4.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/2696-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2840-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2840-111-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3016-61-0x0000000000290000-0x00000000002C4000-memory.dmp

Filesize
208KB

Download
memory/3016-66-0x0000000000290000-0x00000000002C4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads