95c789702d7fbbff3f96b01329ff3cb9515b8046ca4d2cc92c49b6e10e9efa06

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe
Size

209KB
MD5

fd0c319a99170420da7ec791714b3561
SHA1

1379c2e3b7a873b3591511a7474ceae6b8f727c1
SHA256

95c789702d7fbbff3f96b01329ff3cb9515b8046ca4d2cc92c49b6e10e9efa06
SHA512

315d8b87f66aea34beb361fc4cbcce7f27d33a3db9830358edac2da5a6f38ee4481f4197ffa79222b566a679a1490f00c955047a0bbde5771602c5c7384b5221
SSDEEP

6144:il2momHHJ712sNoJ1T6+L3DZarwlRZwEcQ:vqSssZ6k3NYSRZw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1296	u.dll
2612	u.dll

Loads dropped DLL 4 IoCs

pid	Process
2060	cmd.exe
2060	cmd.exe
2060	cmd.exe
2060	cmd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2060	2068	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	29
PID 2068 wrote to memory of 2060	2068	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	29
PID 2068 wrote to memory of 2060	2068	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	29
PID 2068 wrote to memory of 2060	2068	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	29
PID 2060 wrote to memory of 1296	2060	cmd.exe	30
PID 2060 wrote to memory of 1296	2060	cmd.exe	30
PID 2060 wrote to memory of 1296	2060	cmd.exe	30
PID 2060 wrote to memory of 1296	2060	cmd.exe	30
PID 2060 wrote to memory of 2612	2060	cmd.exe	31
PID 2060 wrote to memory of 2612	2060	cmd.exe	31
PID 2060 wrote to memory of 2612	2060	cmd.exe	31
PID 2060 wrote to memory of 2612	2060	cmd.exe	31
PID 2060 wrote to memory of 2812	2060	cmd.exe	32
PID 2060 wrote to memory of 2812	2060	cmd.exe	32
PID 2060 wrote to memory of 2812	2060	cmd.exe	32
PID 2060 wrote to memory of 2812	2060	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7BD4.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2612
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7BD4.tmp\vir.bat

Filesize
2KB

MD5
cd7508ce88477d021e97b695144ba7e4

SHA1
a72ecdd6a5782a01a6fbe849e7c6cb909fda81d3

SHA256
6d1b4d6de02d6e9bd8d91ee9fb3baf7ea4869e5dc2bbb1cf8ab80f7dec4fb116

SHA512
ebb17541dbf63bb80d281f23b1ea42793f9297c5e7a44c79d2189186d4b7455af34e4df7e735429e638e59035ff2de1a730841e039023f5ea2714ea78d79481f

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
6614c5a3972d904f8f67f1b350c3e142

SHA1
9ed2ace0594e9373cc53fd99fa57728b5270f03a

SHA256
ec59bde04ef213dad8ca4166dc30046a7fc7d6e580b9ad3d370a8847055de124

SHA512
57e90e4b89ab23006f407e54fbe806df560f9e7cb18de5551b5e04b2143a6c498b0d2e362b5ec5f0a1f77510575af785ec0b5800c82641d468c2852fa55447a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
06cd4d92a4f9e2ec559be57e1494703a

SHA1
9c1540609dc50c97db48b125d6ce40be25488c39

SHA256
46d91b3fadcc4208b058efbfaacae7125b3ff9be8f86afddaab66dbf38673ade

SHA512
29dc5d10db63f9388e79da0985242e81c48d2fd24fc7d04adb5b5c637ccf8a1d5a94653434f347f509a47dd447acf5f51ad2982777ed6f9f2db19b12dd8a0ac7

Download Submit
memory/2068-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2068-57-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads