de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe
Size

475KB
MD5

24ff7b20126836191f694f4d51839bde
SHA1

626ae181ac100c6e8beab026c5a1a75106a8cbdf
SHA256

de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef
SHA512

1120d6f0b5b34db3e2b5d593260daedec2799f7fbe86855afe67a969d482e41294297a89d878d68501bcc1ba5d40eb1d418f91899e2b92bce6252bdc509d390d
SSDEEP

12288:oYOUJAyVEO8kV0fJOFBezrlMpF2IqcYPoxmtF9fS:tJAySfJOCtMpRqcwoxmf96

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2384	yhiagvicbojqgn.exe

Loads dropped DLL 2 IoCs

pid	Process
2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe
2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2384	yhiagvicbojqgn.exe
2384	yhiagvicbojqgn.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2384	2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2384	2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2384	2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	28
PID 2060 wrote to memory of 2384	2060	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	28
PID 2384 wrote to memory of 2592	2384	yhiagvicbojqgn.exe	29
PID 2384 wrote to memory of 2592	2384	yhiagvicbojqgn.exe	29
PID 2384 wrote to memory of 2592	2384	yhiagvicbojqgn.exe	29

C:\Users\Admin\AppData\Local\Temp\24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe
  "C:\Users\Admin\AppData\Local\Temp\\yhiagvicbojqgn.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    dw20.exe -x -s 1032
    3⤵
    PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
475KB

MD5
24ff7b20126836191f694f4d51839bde

SHA1
626ae181ac100c6e8beab026c5a1a75106a8cbdf

SHA256
de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef

SHA512
1120d6f0b5b34db3e2b5d593260daedec2799f7fbe86855afe67a969d482e41294297a89d878d68501bcc1ba5d40eb1d418f91899e2b92bce6252bdc509d390d

Download Submit
\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe

Filesize
23KB

MD5
831fe278215fcca35b2591bd81bfc398

SHA1
b1b37650a6ff8208968d95c3f89fcf52fdafaf0d

SHA256
7a19030ab932a63e1d6facc331ee2add06143fc581e9f6c6585eecab6c94d552

SHA512
997314ce7bb525f81545474777344aa0c87dbf8eb5ab3a0b2edb843f936527da063ce64a4c47cba0b2bd56f3e9c80245d659a681977013e85380132109664e9e

Download Submit
memory/2384-8-0x000007FEF59EE000-0x000007FEF59EF000-memory.dmp

Filesize
4KB

Download
memory/2384-10-0x0000000001E90000-0x0000000001ED4000-memory.dmp

Filesize
272KB

Download
memory/2384-11-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download
memory/2384-14-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download
memory/2384-15-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download
memory/2384-16-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download
memory/2384-17-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download
memory/2384-18-0x000007FEF59EE000-0x000007FEF59EF000-memory.dmp

Filesize
4KB

Download
memory/2384-19-0x000007FEF5730000-0x000007FEF60CD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads