7ffcf2cbe4d3c8342144f691a8cc406fff9b0e0a6d5e1e0d6c6a6c980737555a

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8a428b9d43110c19102561436c23497_JaffaCakes118.exe
Size

5.0MB
MD5

f8a428b9d43110c19102561436c23497
SHA1

737392a53b3123c8629645fe7f746b96b836b5e7
SHA256

7ffcf2cbe4d3c8342144f691a8cc406fff9b0e0a6d5e1e0d6c6a6c980737555a
SHA512

224c3ade889243b362d4bc594df52587e7cf25e236998e3ff0a44438dad0e70640fa3c1848c58b13ab75b99c6d4216afc0eddddad620216b1f748cc0b0296519
SSDEEP

98304:9KZqoZnRW4L30/1OtpTGqFaBSHYkOhSN3CEUHIGukOFx2cdQTmDg:zsp3c1OtMnvkOhSN3CEMKkOWcdQaDg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp

Loads dropped DLL 5 IoCs

pid	Process
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1008	f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1008	1572	f8a428b9d43110c19102561436c23497_JaffaCakes118.exe	86
PID 1572 wrote to memory of 1008	1572	f8a428b9d43110c19102561436c23497_JaffaCakes118.exe	86
PID 1572 wrote to memory of 1008	1572	f8a428b9d43110c19102561436c23497_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\f8a428b9d43110c19102561436c23497_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f8a428b9d43110c19102561436c23497_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Users\Admin\AppData\Local\Temp\is-FAE4Q.tmp\f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FAE4Q.tmp\f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp" /SL5="$9014A,4684381,140800,C:\Users\Admin\AppData\Local\Temp\f8a428b9d43110c19102561436c23497_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-FAE4Q.tmp\f8a428b9d43110c19102561436c23497_JaffaCakes118.tmp

Filesize
1.2MB

MD5
8f9622980da7767cc43dea245716c6ad

SHA1
d007898d85a6317277f82e62b375309891f76688

SHA256
0efc511729cd05411fa3b54cc63fb6b21559ce5e0afb7279cacd41e6aab94182

SHA512
083fd0fde96b9a6ef579cc48313983bb0fe438e6d921ea1e3b9bec647bc5f4814f84e03566dcce688a0b6886b8535de4502cb0bfdf030ffc8858c78c989e6805

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Bkg.png

Filesize
7KB

MD5
fb55cae9b02ee9ec7dc54617c01d04be

SHA1
0661181d3ddf1b15c4fd37fbf25856edf0d89c78

SHA256
ca97704df2442ffeec96f8d1da8cbc10ee5d777a143ca1b38af75d2592b1442f

SHA512
fc4baee1c2ab9856c3e52ce6a2d23126c22d9b442de8a45271807b490e3d3baa17ffd3e139c658bb92441003197ce82abe3dc108eff8a528ec3848e909880042

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Btn_Close.png

Filesize
1KB

MD5
8aafe567794aa103eaeed3a327481710

SHA1
834984096bd80dfee9fa1c72581e08e31ac755af

SHA256
80b183490099b1db9edad04798d0c0896c51467bd9d21084107684b55fba1d48

SHA512
4cc91703d6f80cd6e2f5ac7384f6a23e6874733dbbf257fa08a12691c1fb3624185ac42e8cdc2c4bd34d5d5e6a3bd0664ede17243fe9d9a49c5e3fc1bca33faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Btn_Dir.png

Filesize
1KB

MD5
896f151b81eb553224264448f078dfd5

SHA1
f10a0f4662c2be46b48b8279fda8211768c030eb

SHA256
795f0dc3e32fa02061a1c9ede45f5ff0f47f2c2501e419bf3af30e5c7c5b385e

SHA512
846e5dddb2cfe50dd61670b46bd9ab84399cddf425786ba342df91e3480881598f8e97b9ba7bb94ec92be79cd0523ebbc6a003a26741711730b3b666d76bffe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Btn_Done.png

Filesize
3KB

MD5
2273828bfc6f5208242241e062f8cab7

SHA1
49b590b6f9c764ad006f8895aed6d81c713059dc

SHA256
42870d4489999367c205347607f0f0e741c885f326ce62f267500da4685445b1

SHA512
0d7230f9cabfbe62ae549121ad17443e7e6ce6da99a9f7e2f2e64eb9c601165196106faca86309f85109997fa0418f612c1fc2606da13c1d1734eee5fab19687

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Btn_Inst.png

Filesize
6KB

MD5
3bfc991bdc9ca97bbcd1ac5461d86884

SHA1
071600a30fafad2899e17e104957fde194d4c4fb

SHA256
8442c50cca77b4fd23bcf81adf94da806e2802acf02911bfb1f927ddb02c9ec5

SHA512
ffe715c9955744380aa79aae17a2283dee2c7bb0caeeb1ca96618e9f91d1631befb5cced998eebbd52cbaa483085048bc90466834875ef229875b7f3e7f60b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Btn_Next.png

Filesize
3KB

MD5
7f48ff696280940ef67e3c1e7eddbc9b

SHA1
7d235d3b72ddef766b7f179c42743764eda6b4f3

SHA256
1273333dab77f1c59012965846df603049f25a56fc5e9acf1e6fef284b341c9a

SHA512
78dfc1b3e331ec4bf55f28b31f82355b955071eab99fd0d51466fa4ff4d734ac16b16423297a35983128c71c61764b77a9ab54837b28fbb29c8611c6c5c6c993

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\CheckBox.png

Filesize
851B

MD5
e4256d0f35ce14e6b55dce7291bd5571

SHA1
b48087274fc8470ee1924a0e51aec84d19b8212b

SHA256
ecfee35552e1768f66802797d2280fd15cb212f78733704d81a3f4915021c302

SHA512
dc39b3380b6309ab429a1f6d1a205a1ff9277596cf3e77d29528c466f7c11ed15260c9809d7c7c1d6e7ac5a03cf47c48f9d0c7a16661b604a89bc07408fa28c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\Chk_Custom.png

Filesize
2KB

MD5
d7dd3c82874d11bfc52582f703288fb4

SHA1
4f42648d2022814c95a9cd17881ab257d87894aa

SHA256
320c7c0d2f4a00970ad6cbb0994859b43f6728d2a853bdeb8b0323505a49f8c0

SHA512
fc06b2cf751821ec29e37a05f4931051da4c6d43cd86de9e7a1e62a6fc8da1f02aa4fe0e875cb3846c7dfc5928c156e0f239314481238e94718b1f4ee51e6644

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\ItDownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OFOGH.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
memory/1008-21-0x0000000003450000-0x000000000348C000-memory.dmp

Filesize
240KB

Download
memory/1008-28-0x0000000003940000-0x000000000394E000-memory.dmp

Filesize
56KB

Download
memory/1008-6-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1008-113-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/1008-115-0x0000000003940000-0x000000000394E000-memory.dmp

Filesize
56KB

Download
memory/1008-114-0x0000000003450000-0x000000000348C000-memory.dmp

Filesize
240KB

Download
memory/1008-120-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1008-164-0x0000000003940000-0x000000000394E000-memory.dmp

Filesize
56KB

Download
memory/1572-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1572-112-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads