7f0b5209ef361052f519f4d6cf088e953aaef5e530e906dcbcdf583c8272739f

General

Target

fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe
Size

209KB
MD5

fea58d9d6c8ffe3fa4bbbf067b95c9f1
SHA1

d888b58da02629e2741e3d85c1cd8b3e9c7b9df4
SHA256

7f0b5209ef361052f519f4d6cf088e953aaef5e530e906dcbcdf583c8272739f
SHA512

df6656f0869463f2141f7a3cf3b691bc95cafd47f2b298ddac5bec3f52679312b07ebb7037476a94c27da2b5b0d246063664ed03a7779d63f4d1f109cac362d5
SSDEEP

6144:Dl2/rr3UFw0bh+RxYclqC24LwzG7Su+UqK9FbLeF:QE+wxcl52UwUSaLL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2512	u.dll
2576	u.dll
1248	mpress.exe

Loads dropped DLL 6 IoCs

pid	Process
3016	cmd.exe
3016	cmd.exe
3016	cmd.exe
3016	cmd.exe
2576	u.dll
2576	u.dll

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 3016	2184	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	29
PID 2184 wrote to memory of 3016	2184	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	29
PID 2184 wrote to memory of 3016	2184	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	29
PID 2184 wrote to memory of 3016	2184	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	29
PID 3016 wrote to memory of 2512	3016	cmd.exe	30
PID 3016 wrote to memory of 2512	3016	cmd.exe	30
PID 3016 wrote to memory of 2512	3016	cmd.exe	30
PID 3016 wrote to memory of 2512	3016	cmd.exe	30
PID 3016 wrote to memory of 2576	3016	cmd.exe	31
PID 3016 wrote to memory of 2576	3016	cmd.exe	31
PID 3016 wrote to memory of 2576	3016	cmd.exe	31
PID 3016 wrote to memory of 2576	3016	cmd.exe	31
PID 2576 wrote to memory of 1248	2576	u.dll	32
PID 2576 wrote to memory of 1248	2576	u.dll	32
PID 2576 wrote to memory of 1248	2576	u.dll	32
PID 2576 wrote to memory of 1248	2576	u.dll	32
PID 3016 wrote to memory of 1532	3016	cmd.exe	33
PID 3016 wrote to memory of 1532	3016	cmd.exe	33
PID 3016 wrote to memory of 1532	3016	cmd.exe	33
PID 3016 wrote to memory of 1532	3016	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1861.tmp\vir.bat""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\3469.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\3469.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe346A.tmp"
      4⤵
      Executes dropped EXE
      PID:1248
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1861.tmp\vir.bat

Filesize
1KB

MD5
e4f4fe0d74d4b6adcba64cd91a5829c2

SHA1
3ef1a1e5fa5c11853bdfd484832e7a25639f46a4

SHA256
47d7796cf3fd334ab2b7e6cd4a84fdbaaa405c0d1d707b4d3e498e4f8ed4759c

SHA512
dc1421151d3ffaf132743b4898cec84a4a4e53e57441f551fdad38e1228a7554dae0ffb5b149c9354e38f8d83464556956ca27d61a4da78cf006709a7a49b763

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe346A.tmp

Filesize
24KB

MD5
256233a5d3eea9b41e645230beae1aa7

SHA1
e224f2b691d1938a9580ec752d1c5de1017685ed

SHA256
cddba6bd4c84380da65492af085a71321d4c31f1800d0d4e8cb5fbd2a7c3a0ac

SHA512
922cc94d623e83be072f79750ff6ff391b9ee724d0f3b360afbd77f81dbe6bd1e173d7dc634b90a666da9d09d59efff7152fa473ada29736af0d588f9c4d0e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe346A.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
9ea19135c5f4066ec4b4d174e449a048

SHA1
e660123c8bdb78bd462f4409775cc001fcb48a82

SHA256
33480a20d4109e995a5b40b5185dbe50175489aa235675938bcd526b9a5491a8

SHA512
49983b1b29c84bf03f43f93d378f81da38ca3c07b5070ca0d9e0f0fdec3312fedca114a35443b1df4fde31c7396fa88a534da1280497b857fc32ef88ecd019c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7cd7224d304d26111b38a6d336fc7f88

SHA1
8c356820f011db04cc534312eb18355bad3afef6

SHA256
f2bd6777bd6403ef1abc4cec56530732307cfb7ac3b2104f6b8dd857971d4822

SHA512
93e7c72a519bdb414b2335379c61a5fc7c1d783d80369b5403e4d5986fe565331d649636d364d97381ec5dee27b6e1491ac251712bc1a27b3c6016429d83fac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
f3331c7ae4aeeeb6eb55fea808e96428

SHA1
1f11ed87fb76fe0140fb3b9294557f13db167700

SHA256
c607b580e50c780e6a17e33375385b2cfcb087097b33a402da1b33266605c1a6

SHA512
392dc4095a967d8521e126bad26df136f157fe75fe6ddcd9f6d4586c6813854fa496bcbaa2d5bdd7cdcf6b74afd1798a3ccd7387580106e20aed0333867d4449

Download Submit
\Users\Admin\AppData\Local\Temp\3469.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
memory/1248-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1248-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2184-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2184-114-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2576-94-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/2576-96-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads