4b862a4d96227563ad77fd1aabf0e4446586f544599a01ecbad00b3c1f79850f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe
Size

2.6MB
MD5

05763fefb28bc86174408d543c8e9e57
SHA1

93f80616ed7b3a874ba3a2eb970e2461d4f77a39
SHA256

4b862a4d96227563ad77fd1aabf0e4446586f544599a01ecbad00b3c1f79850f
SHA512

f3aa8069dc115997d1da7030e06a3c12a18268fa78f6f4d33a4450cf60728598cba69a90c200feb0448e03f05f47792f4b63f5ae54bd2fa04a5555c903bf274c
SSDEEP

49152:bsI6FDcQ7zhwf5qm3Lc0UY0n4T4DsbFPE4rqyIFqyopo:mCQJwf5qmjF0n4b+4eH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp

Loads dropped DLL 11 IoCs

pid	Process
2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
3052	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28
PID 2904 wrote to memory of 3052	2904	05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\is-PQIVP.tmp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PQIVP.tmp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp" /SL5="$400F2,2210803,214528,C:\Users\Admin\AppData\Local\Temp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\ITSplLite.dll

Filesize
1.9MB

MD5
c7359107341e5b41acf3be4579b55bf0

SHA1
b52899c16b7b63c278bb4efd065375ac78f1f84b

SHA256
0ae9dda4dca44543918635edbf9714c266ba1604328bd752ea2967047830c093

SHA512
a2c35cc2bcd7d26f399f78b2115efde27fc89c93fce6866b82fe972400e01a5edc5921da976bedb11e70c4b7ba2cd4b6aeff1609d95677c5d3a2eef85c371368

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\ParsFrms.dll

Filesize
4.2MB

MD5
5efe1b278bb802d7684c75e8645c460a

SHA1
d4f6dd2c7c922eee5cf8cb170d1074df696413c3

SHA256
2a624fabd656d8b69b384be0e73045e0c6959af51c43ae094847558da520ef38

SHA512
44b1dffa958bda2f125f6148bde7bb385698ec4e756f1a1ce0a95361386e83458e6bf3ee6e584d7b59fa20c6946090713baf1ab21c24beaba0ec743a0c8c5462

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\Parscon.dll

Filesize
117KB

MD5
8e49aa85a7da6cd70eb7c15e4c828b4e

SHA1
973cdc9c10e71c0b07ef2d70a9fc30bb8cc72426

SHA256
57c40a9d2e592d968daa0f092abfa7abe2b41c47eb718adb770bd6930ec0dba4

SHA512
c7e0107d835bd83c7dbd666b5c768befbe303bbb126cbac905aa0c6bb91bcd0c99f03f780606fd8e23ef30b1976452d98f792107e7ed1dd6e630a99f148567f1

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\Parsdwn.dll

Filesize
412KB

MD5
368079c424c6237e1505a7b9752aff0d

SHA1
300d4dfb31357872eede6fa7e74db5f3bd5d4ab0

SHA256
33fb70bf344456fb73e017f013b99be7be07812a65a7baa087aad265ad467bc4

SHA512
bc4c77088e7ddf1857abd117c7921f6d111d68a82458d5f5465ab6aa1bb0e8202f08931e23bce85d2e6f7baa5a9a667af28d828d90b9f7f0f43e7604d59a8054

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\Parsec.dll

Filesize
291KB

MD5
2902d6187193278e2c57848db9d3f8b7

SHA1
fb4beb9474cf8b6d6b251faeb23afb68e16568d4

SHA256
9c358e08a19ac5d3e86321cf1b742cf06fadccaea48b00cfdd56fff7a3c9078b

SHA512
c2bdbed0aaa6093ed575c9098131de5c69418274c91032a23c91d0c96473a7d969891e5bc699a912c29a729e26997bda9d7ed484a13f4d3050061d4ab6af7e1b

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\Parsin.dll

Filesize
177KB

MD5
b61daffc0ce79515781319460f43bde9

SHA1
2bf3d2f0a88ec6f27fbb4eab507ec5d7b3431446

SHA256
6969542e2233694b05b7267b6b78ee7f47e910c1ce170f901d05e48fe34d9ff6

SHA512
ba65ad680d7e214c9d2ae963e2e03664b1eacd1ba72a8fd657edd3c4d9ca64da4f68e85dc19d8e6a8719ee59218c5c649b159ba72f0102cecb5eec1e04e83f32

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\idp.dll

Filesize
165KB

MD5
4af80b8a27320d5685f7b255efc7c2f3

SHA1
f0819580166790b745e4974c673d438ccd5a263f

SHA256
592331029546d61a2be697144840fb04a84bffb95608b1d2862fca5b8dabc357

SHA512
a1f719992f69e6c3f8f359259900d9a587cc02037812d8f4b8074a062c1efb68f274ef041c7898851580c207f4ab1fefd6c40f29748b4527283553de366ee77b

Download Submit
\Users\Admin\AppData\Local\Temp\is-B8SOI.tmp\preSplash.dll

Filesize
2.3MB

MD5
23ecb065d45a3556164b03cd2b839bab

SHA1
5918643a8de0f383812e68a2dd3f3ca4387d5f03

SHA256
4248e1f9c7690a0405ef9cdf82b57aa5c2d0d30771ace4af0c6a7506bcc5d871

SHA512
7bff2ea16f3fc953983ec5c4ba0404326a1feb5fc1059de444e3da2db760010b326bbf6382023f581b52835d1f2df46f465743cd80f1426c1ed53bce305e90ec

Download Submit
\Users\Admin\AppData\Local\Temp\is-PQIVP.tmp\05763fefb28bc86174408d543c8e9e57_JaffaCakes118.tmp

Filesize
1.2MB

MD5
cb33ff3204491fab4686d61710d3ea24

SHA1
32b89dbe761f7486c68d1767563d8ad1f08d99ef

SHA256
ff652f10ac6dbf8d4965f6624339c67e02715cf499ad8b26c1a683bd503e4136

SHA512
ed888d1f3cb5865217f4952edcc5cc592dac9f4efc1ef44b8de960425f49f6155cd3f9b663dd7b9b834210cc10c99119cb27b9a97cd747cf7991812b1d0e29d8

Download Submit
memory/2904-78-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2904-2-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2904-52-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2904-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3052-45-0x00000000064D0000-0x00000000066BF000-memory.dmp

Filesize
1.9MB

Download
memory/3052-55-0x0000000002280000-0x00000000022A6000-memory.dmp

Filesize
152KB

Download
memory/3052-41-0x0000000005DA0000-0x00000000061D7000-memory.dmp

Filesize
4.2MB

Download
memory/3052-33-0x0000000005470000-0x00000000054E2000-memory.dmp

Filesize
456KB

Download
memory/3052-29-0x0000000002280000-0x00000000022A6000-memory.dmp

Filesize
152KB

Download
memory/3052-49-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/3052-48-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/3052-47-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/3052-25-0x0000000005410000-0x0000000005463000-memory.dmp

Filesize
332KB

Download
memory/3052-53-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/3052-57-0x0000000005940000-0x0000000005B94000-memory.dmp

Filesize
2.3MB

Download
memory/3052-58-0x0000000005DA0000-0x00000000061D7000-memory.dmp

Filesize
4.2MB

Download
memory/3052-56-0x0000000005470000-0x00000000054E2000-memory.dmp

Filesize
456KB

Download
memory/3052-37-0x0000000005940000-0x0000000005B94000-memory.dmp

Filesize
2.3MB

Download
memory/3052-54-0x0000000005410000-0x0000000005463000-memory.dmp

Filesize
332KB

Download
memory/3052-59-0x00000000064D0000-0x00000000066BF000-memory.dmp

Filesize
1.9MB

Download
memory/3052-68-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3052-71-0x0000000002280000-0x00000000022A6000-memory.dmp

Filesize
152KB

Download
memory/3052-69-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/3052-75-0x00000000064D0000-0x00000000066BF000-memory.dmp

Filesize
1.9MB

Download
memory/3052-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3052-73-0x0000000005940000-0x0000000005B94000-memory.dmp

Filesize
2.3MB

Download
memory/3052-72-0x0000000005470000-0x00000000054E2000-memory.dmp

Filesize
456KB

Download
memory/3052-70-0x0000000005410000-0x0000000005463000-memory.dmp

Filesize
332KB

Download
memory/3052-74-0x0000000005DA0000-0x00000000061D7000-memory.dmp

Filesize
4.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads