8218ba3b223ee86999d28cbae40e363c177f963c4228b8b2da241734596bf2da

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

315ab600160990866a84e3d22b007b30_JaffaCakes118.exe
Size

2.5MB
MD5

315ab600160990866a84e3d22b007b30
SHA1

8c6893894317cbc546f7c4119529ba2c14551c18
SHA256

8218ba3b223ee86999d28cbae40e363c177f963c4228b8b2da241734596bf2da
SHA512

48e388a64ca9e6270ceeca2e0a3b7615da8ba4642a4c9bdb4827e6b47ee530dd57197c443222aec65812c63198617814e1ef0bbb68b33ff72cba243363ba1cb7
SSDEEP

49152:o+V4UJxCNP/3dhk6FWl/ncncHHD3lZ6b+aWaSZDSf6cFQk7xzJL:7VJxCNP/39FsdzlZvDSf53z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	MpMiniSigStub.exe

Loads dropped DLL 7 IoCs

pid	Process
3040	315ab600160990866a84e3d22b007b30_JaffaCakes118.exe
2988	MpSigStub.exe
2988	MpSigStub.exe
2988	MpSigStub.exe
2988	MpSigStub.exe
2988	MpSigStub.exe
2988	MpSigStub.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MpSigStub.exe	MpSigStub.exe
File created	C:\Windows\system32\MpSigStub.exe	MpSigStub.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2660	3040	315ab600160990866a84e3d22b007b30_JaffaCakes118.exe	28
PID 3040 wrote to memory of 2660	3040	315ab600160990866a84e3d22b007b30_JaffaCakes118.exe	28
PID 3040 wrote to memory of 2660	3040	315ab600160990866a84e3d22b007b30_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2988	2660	MpMiniSigStub.exe	29
PID 2660 wrote to memory of 2988	2660	MpMiniSigStub.exe	29
PID 2660 wrote to memory of 2988	2660	MpMiniSigStub.exe	29

C:\Users\Admin\AppData\Local\Temp\315ab600160990866a84e3d22b007b30_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\315ab600160990866a84e3d22b007b30_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040
- \??\c:\03f71d9f8ef463298464452d\MpMiniSigStub.exe
  c:\03f71d9f8ef463298464452d\MpMiniSigStub.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Windows\system32\MpSigStub.exe
    MpSigStub.exe /program c:\03f71d9f8ef463298464452d\MpMiniSigStub.exe
    3⤵
    - Loads dropped DLL
    - Drops file in System32 directory
    PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\03f71d9f8ef463298464452d\MpMiniSigStub.exe

Filesize
31KB

MD5
b3baa44fb1f8f39ef2c4f9c05aaa1dea

SHA1
9236debd3f289ced5e13b14b813a311e475eb93d

SHA256
e200fbe1d5be06faa6ad5c917d4d745e419bc68a9acea7f544e213bfc5f25660

SHA512
201a09388fabdc2fd193773d910766ced193c4c09918a6d2aafb11b0aab21473b36ce2bba940aa1e9378e14ba0ba5d2ceed29d7d7c50cbb3d80a00e06fed3484

Download Submit
\??\c:\03f71d9f8ef463298464452d\1.201.171.0_to_1.201.836.0_mpasdlta.vdm._p

Filesize
2.4MB

MD5
9ca0f87f6268bd76d40d519aeb11d569

SHA1
c10d6b74692204cad1212ea9d9c2b14e7443ef41

SHA256
f4234395a39c4032649cea1a3ea1e40af9b2de74004f0cb348a93c07f9ea73ba

SHA512
16b0bff40f3cba8171a0b0d8177d5071f5ccfdf0b91277b0af7beec57871d59759f13003e2fb5ac044515d4f2a616377c5d2074f3bdce055578929849c5495e2

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm

Filesize
11.1MB

MD5
b17051cea6ecf263ef7eb4b79fa50763

SHA1
ad15f2f519b32ffce10e23e6ee6436b0d49136e0

SHA256
f10a3dbeaba655f7f595c8954cb85d5e7804a2cdcf6a09c0544eeb739d442dfa

SHA512
f904c88765b9dea30a2276ac988dbc7daa2ca19c879983ab03fa4c7665eec987644ec8734711b7d02597e3b4af8b2625a54930f7afb5ad095c966bef3c087475

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm

Filesize
331KB

MD5
f0f8b583c084699ddbf036b892058f6e

SHA1
3d7b233ea117b55b3708d29fda451d39313ff27a

SHA256
d2ca676148c1f59c2d3494bb0aa28127d2957ea8c2f494ddebe7e1249038e9a1

SHA512
383a8cdf759e7b4395e0e295700db316c8d06c8589333f22ddc29efdf350c66f5fd8b729f95a0e2a1b3a0798f8af0b06a9bb4971a300039d9baea6101d233697

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll

Filesize
7.8MB

MD5
97bdc9a400eef273cc4b336614ca74bd

SHA1
b0c55c5f48ec0f32bcac631005755c722913e21c

SHA256
2b0792816c882c8b7dafe93e8148df94b1c0786287272e3fe4005166751069ae

SHA512
7dbe3c6b11ed5997d78bc4982f5b485ad61cc779add961899922a62df8b010dd3481a6236d631c9557816e84de8e4b16d8b66362b04ec6becb16fe85b8169e86

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads