05a3f632ad885030e939c99ed18d43f47fc46b36aea24dece5b78763a933bdba

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe
Size

2.5MB
MD5

3429c25534e6c3abfd59dabc6e9d4b05
SHA1

9e4d12d10c9883305c26c2fc798be7e547189509
SHA256

05a3f632ad885030e939c99ed18d43f47fc46b36aea24dece5b78763a933bdba
SHA512

e95e63f644d89c35647492937de8ac3358ccb5c5f575159aae0b26cf18894186a05f9df7c1a5a18638ec671198f1778997052d1c5e8f0a3cd4818b0a64f12939
SSDEEP

49152:ic/wA+AUomLGFkqA8Gu6fLbl/6jB8rdIJYzQ9jj8rY5QelqnLSKhj0:lUXLGFbARu6fflSGdTE8qlqLxj

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1916	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp

Loads dropped DLL 4 IoCs

pid	Process
2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe
1916	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp
1916	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp
1916	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1916	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28
PID 2232 wrote to memory of 1916	2232	3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\is-R2A8B.tmp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R2A8B.tmp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp" /SL5="$400B2,2222701,121344,C:\Users\Admin\AppData\Local\Temp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-G9I3I.tmp\Common.dll

Filesize
72KB

MD5
da23b82a0612f809a1929310b9f5584c

SHA1
3b8d3741329d7fc793f049b9290bba930d9507a5

SHA256
3099245b7cf4374c48fc9804396e70877124ccf612fd151f3411a76d78b33a76

SHA512
5372514fc8ae974176966b552f1c502655eb8a8fdf92b7eff247e76cc0fa8aee01d1b5a12b3f5c8a75c80fefe6b464c2fdcdfc401caab67075c83d793727ad0b

Download Submit
\Users\Admin\AppData\Local\Temp\is-G9I3I.tmp\Crypto.dll

Filesize
496KB

MD5
126507c93cc798a5a70ffb5b0d3aefea

SHA1
d370634b46d81244230d29d76f34439e57e6eda1

SHA256
c40344baa780082208246d6b2ccfaa87f9325e3620a7e8c732594d60574e1ad5

SHA512
d6b70866b013aed6389a59c46bad983e1f55c5d9ea5a6797419c4439a5c98b070f93a69059a0318a89ce50ef1dd155ca1cef2dc26cd035cef9ef782bb37edde0

Download Submit
\Users\Admin\AppData\Local\Temp\is-G9I3I.tmp\InstallHelper.dll

Filesize
40KB

MD5
d3bd8a09b6f3b51b30031fbd57d0d822

SHA1
bd2d7a7bc393671597434a20e5af982ded45549a

SHA256
24f7b12f9bc2ad8cd62c519a3d38af9a229697b9d5e7dc5cbdbacf9c56c5f642

SHA512
88e42577a09689522fc15839ebe931ff2f0306721d3a1a2237a0866f13b3c59edb7991a03ce3f33e747a614b352955841b2a6f2749127ffd42aad96102fab60e

Download Submit
\Users\Admin\AppData\Local\Temp\is-R2A8B.tmp\3429c25534e6c3abfd59dabc6e9d4b05_JaffaCakes118.tmp

Filesize
1.1MB

MD5
90fc739c83cd19766acb562c66a7d0e2

SHA1
451f385a53d5fed15e7649e7891e05f231ef549a

SHA256
821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431

SHA512
4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

Download Submit
memory/1916-9-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/1916-15-0x0000000000870000-0x0000000000881000-memory.dmp

Filesize
68KB

Download
memory/1916-21-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2232-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2232-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2232-20-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads