ed64b5bb68cde73b2e185d5f16f0dc423a217598e14a852ee122b588449e8c4b

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe
Size

173KB
MD5

fa1bd4cf049ccff769ef9c81e9c93072
SHA1

4d0eabf936623f10c7288004074711a80cebf69c
SHA256

ed64b5bb68cde73b2e185d5f16f0dc423a217598e14a852ee122b588449e8c4b
SHA512

734f950266a0953a778bb0ededa592d048e63c678cb30f1be7071c46089a4053b8371089d0ec7172c24085adb5a6a9557cb9f9c650969c3f4a42e8fb8b9249dc
SSDEEP

3072:jXOg3mlqZyJ8BpiUUaFPmgRMNlPTGQQm6ytwZEsrYkK4FVnAUet:bKlqZyJ6iU98gWNlPTGQQm6agrdwpt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

mstak.exe

pid process

2140 mstak.exe

pid	process
2140	mstak.exe

Drops file in System32 directory 2 IoCs

Processes:

fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\mstak.exe	fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mstak.exe	fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe

description	pid	process	target process
PID 2336 wrote to memory of 4516	2336	fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe	cmd.exe
PID 2336 wrote to memory of 4516	2336	fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe	cmd.exe
PID 2336 wrote to memory of 4516	2336	fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa1bd4cf049ccff769ef9c81e9c93072_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c .\delmeexe.bat
2⤵
PID:4516

C:\Windows\SysWOW64\mstak.exe
C:\Windows\SysWOW64\mstak.exe
1⤵
- Executes dropped EXE
PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delmeexe.bat
Filesize
235B

MD5
6f76c8704c635e78587078b2c4ec5b84

SHA1
9110797b8a808c4ad53262d0f844c413c451bc24

SHA256
6bf3293a9e328e4acb325f2907e42e3491932287b93b128294d5acc7bb268851

SHA512
b2f59143be4b5c2543b9f1330b941fbec482cd4d6875217f673fa410261c81f9cff479d039ab0ff61f30ea83c544f8b69b91d93fd5cc46c07656f1d4385ccec9

Download Submit
C:\Windows\SysWOW64\mstak.exe
Filesize
173KB

MD5
fa1bd4cf049ccff769ef9c81e9c93072

SHA1
4d0eabf936623f10c7288004074711a80cebf69c

SHA256
ed64b5bb68cde73b2e185d5f16f0dc423a217598e14a852ee122b588449e8c4b

SHA512
734f950266a0953a778bb0ededa592d048e63c678cb30f1be7071c46089a4053b8371089d0ec7172c24085adb5a6a9557cb9f9c650969c3f4a42e8fb8b9249dc

Download Submit
memory/2140-68-0x00000000016A0000-0x00000000016A1000-memory.dmp

Filesize
4KB

Download
memory/2140-85-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-98-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-97-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-96-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-51-0x0000000001130000-0x0000000001131000-memory.dmp

Filesize
4KB

Download
memory/2140-94-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-93-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-92-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-90-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-89-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-88-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-86-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-52-0x0000000001160000-0x0000000001161000-memory.dmp

Filesize
4KB

Download
memory/2140-77-0x00000000016D0000-0x00000000016D1000-memory.dmp

Filesize
4KB

Download
memory/2140-76-0x0000000001850000-0x0000000001851000-memory.dmp

Filesize
4KB

Download
memory/2140-75-0x0000000001860000-0x0000000001861000-memory.dmp

Filesize
4KB

Download
memory/2140-32-0x0000000001030000-0x0000000001031000-memory.dmp

Filesize
4KB

Download
memory/2140-74-0x0000000001830000-0x0000000001831000-memory.dmp

Filesize
4KB

Download
memory/2140-33-0x0000000001040000-0x0000000001041000-memory.dmp

Filesize
4KB

Download
memory/2140-34-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/2140-35-0x0000000000E90000-0x0000000000E91000-memory.dmp

Filesize
4KB

Download
memory/2140-73-0x0000000001840000-0x0000000001841000-memory.dmp

Filesize
4KB

Download
memory/2140-36-0x0000000001060000-0x0000000001061000-memory.dmp

Filesize
4KB

Download
memory/2140-37-0x0000000001080000-0x0000000001081000-memory.dmp

Filesize
4KB

Download
memory/2140-53-0x0000000001150000-0x0000000001151000-memory.dmp

Filesize
4KB

Download
memory/2140-39-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/2140-40-0x0000000001090000-0x0000000001091000-memory.dmp

Filesize
4KB

Download
memory/2140-41-0x00000000010C0000-0x00000000010C1000-memory.dmp

Filesize
4KB

Download
memory/2140-43-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/2140-42-0x00000000010B0000-0x00000000010B1000-memory.dmp

Filesize
4KB

Download
memory/2140-45-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/2140-44-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/2140-46-0x00000000010F0000-0x00000000010F1000-memory.dmp

Filesize
4KB

Download
memory/2140-48-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/2140-47-0x0000000001120000-0x0000000001121000-memory.dmp

Filesize
4KB

Download
memory/2140-72-0x0000000001810000-0x0000000001811000-memory.dmp

Filesize
4KB

Download
memory/2140-49-0x0000000001140000-0x0000000001141000-memory.dmp

Filesize
4KB

Download
memory/2140-95-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2140-71-0x00000000016B0000-0x00000000016B1000-memory.dmp

Filesize
4KB

Download
memory/2140-38-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2140-54-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/2140-55-0x0000000001270000-0x0000000001271000-memory.dmp

Filesize
4KB

Download
memory/2140-56-0x00000000012A0000-0x00000000012A1000-memory.dmp

Filesize
4KB

Download
memory/2140-57-0x0000000001290000-0x0000000001291000-memory.dmp

Filesize
4KB

Download
memory/2140-58-0x00000000012C0000-0x00000000012C1000-memory.dmp

Filesize
4KB

Download
memory/2140-59-0x00000000012B0000-0x00000000012B1000-memory.dmp

Filesize
4KB

Download
memory/2140-60-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/2140-61-0x00000000012D0000-0x00000000012D1000-memory.dmp

Filesize
4KB

Download
memory/2140-62-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/2140-63-0x00000000012F0000-0x00000000012F1000-memory.dmp

Filesize
4KB

Download
memory/2140-64-0x0000000001320000-0x0000000001321000-memory.dmp

Filesize
4KB

Download
memory/2140-65-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/2140-66-0x0000000001340000-0x0000000001341000-memory.dmp

Filesize
4KB

Download
memory/2140-67-0x0000000001330000-0x0000000001331000-memory.dmp

Filesize
4KB

Download
memory/2140-70-0x00000000016C0000-0x00000000016C1000-memory.dmp

Filesize
4KB

Download
memory/2140-69-0x0000000001690000-0x0000000001691000-memory.dmp

Filesize
4KB

Download
memory/2336-30-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2336-11-0x0000000002400000-0x0000000002402000-memory.dmp

Filesize
8KB

Download
memory/2336-23-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2336-18-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/2336-31-0x0000000000A70000-0x0000000000AB3000-memory.dmp

Filesize
268KB

Download
memory/2336-28-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2336-29-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2336-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2336-7-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/2336-16-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2336-27-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2336-1-0x0000000000A70000-0x0000000000AB3000-memory.dmp

Filesize
268KB

Download
memory/2336-19-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/2336-14-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2336-5-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2336-13-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2336-12-0x00000000023F0000-0x00000000023F2000-memory.dmp

Filesize
8KB

Download
memory/2336-6-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2336-8-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2336-25-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download