7f0b5209ef361052f519f4d6cf088e953aaef5e530e906dcbcdf583c8272739f

General

Target

fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe
Size

209KB
MD5

fea58d9d6c8ffe3fa4bbbf067b95c9f1
SHA1

d888b58da02629e2741e3d85c1cd8b3e9c7b9df4
SHA256

7f0b5209ef361052f519f4d6cf088e953aaef5e530e906dcbcdf583c8272739f
SHA512

df6656f0869463f2141f7a3cf3b691bc95cafd47f2b298ddac5bec3f52679312b07ebb7037476a94c27da2b5b0d246063664ed03a7779d63f4d1f109cac362d5
SSDEEP

6144:Dl2/rr3UFw0bh+RxYclqC24LwzG7Su+UqK9FbLeF:QE+wxcl52UwUSaLL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2272	u.dll
3348	mpress.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1412	OpenWith.exe
4076	OpenWith.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2908	2132	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	86
PID 2132 wrote to memory of 2908	2132	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	86
PID 2132 wrote to memory of 2908	2132	fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe	86
PID 2908 wrote to memory of 2272	2908	cmd.exe	87
PID 2908 wrote to memory of 2272	2908	cmd.exe	87
PID 2908 wrote to memory of 2272	2908	cmd.exe	87
PID 2272 wrote to memory of 3348	2272	u.dll	88
PID 2272 wrote to memory of 3348	2272	u.dll	88
PID 2272 wrote to memory of 3348	2272	u.dll	88
PID 2908 wrote to memory of 3500	2908	cmd.exe	92
PID 2908 wrote to memory of 3500	2908	cmd.exe	92
PID 2908 wrote to memory of 3500	2908	cmd.exe	92
PID 2908 wrote to memory of 2960	2908	cmd.exe	95
PID 2908 wrote to memory of 2960	2908	cmd.exe	95
PID 2908 wrote to memory of 2960	2908	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2FDA.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save fea58d9d6c8ffe3fa4bbbf067b95c9f1_JaffaCakes118.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\30C4.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\30C4.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe30C5.tmp"
      4⤵
      Executes dropped EXE
      PID:3348
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:3500
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    - Modifies registry class
    PID:2960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2FDA.tmp\vir.bat

Filesize
1KB

MD5
e4f4fe0d74d4b6adcba64cd91a5829c2

SHA1
3ef1a1e5fa5c11853bdfd484832e7a25639f46a4

SHA256
47d7796cf3fd334ab2b7e6cd4a84fdbaaa405c0d1d707b4d3e498e4f8ed4759c

SHA512
dc1421151d3ffaf132743b4898cec84a4a4e53e57441f551fdad38e1228a7554dae0ffb5b149c9354e38f8d83464556956ca27d61a4da78cf006709a7a49b763

Download Submit
C:\Users\Admin\AppData\Local\Temp\30C4.tmp\mpress.exe

Filesize
100KB

MD5
e42b81b9636152c78ba480c1c47d3c7f

SHA1
66a2fca3925428ee91ad9df5b76b90b34d28e0f8

SHA256
7c24c72439880e502be51da5d991b9b56a1af242b4eef4737f0f43b4a87546d2

SHA512
4b2986106325c5c3fe11ab460f646d4740eb85252aa191f2b84e29901fac146d7a82e31c72d39c38a70277f78278621ee506d9da2681f5019cd64c7df85cff6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe30C5.tmp

Filesize
41KB

MD5
ced9fdba93c6c0a69c43a7fc783d0182

SHA1
3919692fb4669491dd6a24c6bb16f430d0a43e7e

SHA256
a3bf78576222c5da88aea0b9196a2d1003618e4bc9de921d3bac3a2c65ded3fc

SHA512
ab94864403a39322f8587ef946a34e06311ef27d051c4023e29e599ac85cd9bfa15dfcb94f491bbc4a95753f33f28a768b22621cba654c8060daa5df03c73ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mpr3170.tmp

Filesize
24KB

MD5
256233a5d3eea9b41e645230beae1aa7

SHA1
e224f2b691d1938a9580ec752d1c5de1017685ed

SHA256
cddba6bd4c84380da65492af085a71321d4c31f1800d0d4e8cb5fbd2a7c3a0ac

SHA512
922cc94d623e83be072f79750ff6ff391b9ee724d0f3b360afbd77f81dbe6bd1e173d7dc634b90a666da9d09d59efff7152fa473ada29736af0d588f9c4d0e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
700KB

MD5
9ea19135c5f4066ec4b4d174e449a048

SHA1
e660123c8bdb78bd462f4409775cc001fcb48a82

SHA256
33480a20d4109e995a5b40b5185dbe50175489aa235675938bcd526b9a5491a8

SHA512
49983b1b29c84bf03f43f93d378f81da38ca3c07b5070ca0d9e0f0fdec3312fedca114a35443b1df4fde31c7396fa88a534da1280497b857fc32ef88ecd019c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
1KB

MD5
7cd7224d304d26111b38a6d336fc7f88

SHA1
8c356820f011db04cc534312eb18355bad3afef6

SHA256
f2bd6777bd6403ef1abc4cec56530732307cfb7ac3b2104f6b8dd857971d4822

SHA512
93e7c72a519bdb414b2335379c61a5fc7c1d783d80369b5403e4d5986fe565331d649636d364d97381ec5dee27b6e1491ac251712bc1a27b3c6016429d83fac0

Download Submit
memory/2132-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2132-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2132-71-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/3348-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3348-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads