95c789702d7fbbff3f96b01329ff3cb9515b8046ca4d2cc92c49b6e10e9efa06

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe
Size

209KB
MD5

fd0c319a99170420da7ec791714b3561
SHA1

1379c2e3b7a873b3591511a7474ceae6b8f727c1
SHA256

95c789702d7fbbff3f96b01329ff3cb9515b8046ca4d2cc92c49b6e10e9efa06
SHA512

315d8b87f66aea34beb361fc4cbcce7f27d33a3db9830358edac2da5a6f38ee4481f4197ffa79222b566a679a1490f00c955047a0bbde5771602c5c7384b5221
SSDEEP

6144:il2momHHJ712sNoJ1T6+L3DZarwlRZwEcQ:vqSssZ6k3NYSRZw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3368	u.dll
4928	mpress.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
700	OpenWith.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1104	4252	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	85
PID 4252 wrote to memory of 1104	4252	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	85
PID 4252 wrote to memory of 1104	4252	fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe	85
PID 1104 wrote to memory of 3368	1104	cmd.exe	86
PID 1104 wrote to memory of 3368	1104	cmd.exe	86
PID 1104 wrote to memory of 3368	1104	cmd.exe	86
PID 3368 wrote to memory of 4928	3368	u.dll	87
PID 3368 wrote to memory of 4928	3368	u.dll	87
PID 3368 wrote to memory of 4928	3368	u.dll	87
PID 1104 wrote to memory of 1588	1104	cmd.exe	90
PID 1104 wrote to memory of 1588	1104	cmd.exe	90
PID 1104 wrote to memory of 1588	1104	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\598A.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save fd0c319a99170420da7ec791714b3561_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\5A45.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\5A45.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe5A46.tmp"
      4⤵
      Executes dropped EXE
      PID:4928
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:1588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\598A.tmp\vir.bat

Filesize
2KB

MD5
cd7508ce88477d021e97b695144ba7e4

SHA1
a72ecdd6a5782a01a6fbe849e7c6cb909fda81d3

SHA256
6d1b4d6de02d6e9bd8d91ee9fb3baf7ea4869e5dc2bbb1cf8ab80f7dec4fb116

SHA512
ebb17541dbf63bb80d281f23b1ea42793f9297c5e7a44c79d2189186d4b7455af34e4df7e735429e638e59035ff2de1a730841e039023f5ea2714ea78d79481f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5A45.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe5A46.tmp

Filesize
41KB

MD5
9bd522b330cdb9f981a2e9ee237a5ec1

SHA1
78a1140de0c99b114ac069ce6f4e3d8d4aa6d337

SHA256
13bf3150689e623156503b5592d21357a34e7201e3bfc953b292179f7151ab25

SHA512
e38d6517e6abd4de1dbb95ca508667d2e5e393287fd5b0c77c35f7b642bee511b73abb7941886669ed2525ffbe1db8dac741dd5526b9c49ca13566ea57a4658b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr5C39.tmp

Filesize
24KB

MD5
6e1bd7c1e24800557f433f84d100cfb8

SHA1
6bde1ae1462fe48ce3797b7d50d70afcfd1ea0e0

SHA256
a0f0791ef8042b8f3eabbb21adf18f35e1af6f2ca916815abe1ebe063014d91e

SHA512
c21bacb854e558a71acada398f583445d912b773b4b511ff2ae414d7e54edc4cd265882b4c851c995a0df6c82950f295991572344e1b9059af8a2d8ad13d218d

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
e6e9eea8477a9cc23e4cf34876f54b3d

SHA1
614155afe905c2372ec85626af490047624037c3

SHA256
4da245e3bdd01f62fe761abeb4bf0667e08e429baa199d95fe8a7340ec5cfa0b

SHA512
c8409e10b60d7a5fefda1e55bb46df2f4c06f96a9e28257680caacfa51b33f6b8a1b6ba50e200afc3fc289db6e26f0bff05c71915cc2cb39d2f99f1eddbb716c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
6614c5a3972d904f8f67f1b350c3e142

SHA1
9ed2ace0594e9373cc53fd99fa57728b5270f03a

SHA256
ec59bde04ef213dad8ca4166dc30046a7fc7d6e580b9ad3d370a8847055de124

SHA512
57e90e4b89ab23006f407e54fbe806df560f9e7cb18de5551b5e04b2143a6c498b0d2e362b5ec5f0a1f77510575af785ec0b5800c82641d468c2852fa55447a5

Download Submit
memory/4252-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4252-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4252-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/4928-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4928-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads