Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
20/04/2024, 13:59
Static task
static1
Behavioral task
behavioral1
Sample
fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
-
Size
8KB
-
MD5
fceb7dd8c689393582389866208cf6fe
-
SHA1
79cdea8594ca6d58161e008b22aae5f0c149e94d
-
SHA256
16cfebf8c1f9127a2e0ef078f279973d8ab408af9d0e99f7c6f9a07f1e728239
-
SHA512
01388fae7fe75d77dc7e3cc03aa7a09cb04164d65a4ef7ffe561c7587c42f62c7f5a8eaeaebf16f6d422fef39a6171322cbd819b04e45afd701928c8f02c9fef
-
SSDEEP
192:ybjmJpxbq1ecenPiyCLGHbjmJzXYWu8+M:ybyPxTXPiypHbytX/
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid    Process
2748   fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
2156   fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
-
Loads dropped DLL 4 IoCs
pid    Process
1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description                            pid    Process                                               procid_target
PID 1284 wrote to memory of 2748       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    29
PID 1284 wrote to memory of 2748       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    29
PID 1284 wrote to memory of 2748       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    29
PID 1284 wrote to memory of 2748       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    29
PID 1284 wrote to memory of 2156       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    30
PID 1284 wrote to memory of 2156       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    30
PID 1284 wrote to memory of 2156       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    30
PID 1284 wrote to memory of 2156       1284   fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe    30
Processes
-
C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1284 -
C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
"C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE 2⤵
- Executes dropped EXE
PID:2748
-
-
C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
"C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE" 2⤵
- Executes dropped EXE
PID:2156
-
Network
MITRE ATT&CK Matrix
Downloads