6b94467bce07dccb635f7e3e5022eba6faf574b5b6ab0858fa087f48d96468f8

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe
Size

9.2MB
MD5

fa7d59f8ae9e7069433929c92ac91d2d
SHA1

b0e94d3d3db19595a4ab2210daf365f5703cdf9f
SHA256

6b94467bce07dccb635f7e3e5022eba6faf574b5b6ab0858fa087f48d96468f8
SHA512

54a48d32eb615755295733d3fe1dbd36c7f11aa6182e421949f761201820c21090e8810f1025e5080eb90d37b3ca3c353d2715da01ffa4d39505bb56c8782e6d
SSDEEP

49152:EQFRHrmQG+yrY+GrmQG+hrY+GrmQG+z+brY+GrmQG+hrY+Gr0rY+GrmQG+z+brYf:EcKXM7mBM7qK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4988	fqrlg.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4988	fqrlg.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4988	fqrlg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4988	fqrlg.exe
4988	fqrlg.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4988	1432	fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe	91
PID 1432 wrote to memory of 4988	1432	fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe	91
PID 1432 wrote to memory of 4988	1432	fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Users\Admin\AppData\Local\Temp\fqrlg.exe
  C:\Users\Admin\AppData\Local\Temp\fqrlg.exe -run C:\Users\Admin\AppData\Local\Temp\fa7d59f8ae9e7069433929c92ac91d2d_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5464 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fqrlg.exe

Filesize
11.1MB

MD5
2b63ee5025ff0e93f0e3bac3f575ebf1

SHA1
4a64ed56a957f6aa77959b2673d68bc69dc16f63

SHA256
bf195f6593822d5331127e541adb98c68e6eb98d14af0435ba52b48eea5136d7

SHA512
3937cc558bb9ece8fd5e74ac7b79206829347f31701511bfb0a94cb13b14f72a512d39dc1662497d5ce5df5ad797324c61ada1088200b97cd0e6b6d8f459ec1c

Download Submit
memory/1432-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1432-1-0x00000000022D0000-0x0000000002320000-memory.dmp

Filesize
320KB

Download
memory/1432-3-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1432-2-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1432-4-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1432-5-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1432-6-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1432-7-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1432-8-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1432-9-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/1432-10-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1432-11-0x0000000002D60000-0x0000000002D62000-memory.dmp

Filesize
8KB

Download
memory/1432-12-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1432-13-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1432-14-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1432-15-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1432-16-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1432-17-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/1432-18-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1432-19-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/1432-20-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1432-21-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/1432-22-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1432-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1432-24-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1432-25-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/1432-26-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/1432-27-0x0000000002D50000-0x0000000002D56000-memory.dmp

Filesize
24KB

Download
memory/1432-28-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-29-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-31-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-30-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-32-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-33-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-35-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-34-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-36-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-38-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-39-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-41-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-40-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-42-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-43-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-44-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-45-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-47-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-46-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-48-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-49-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-53-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/1432-55-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/1432-56-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/1432-58-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1432-59-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/1432-61-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/1432-63-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/1432-62-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/1432-65-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/1432-66-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/1432-64-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/1432-68-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1432-67-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/1432-60-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/1432-57-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1432-54-0x0000000002E20000-0x0000000002F20000-memory.dmp

Filesize
1024KB

Download
memory/4988-103-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4988-120-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download