fad25f97c0fb28f758278a492b45e65d17d38a71b6f2daf3557dd50178795dfb

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe
Size

2.4MB
MD5

45f4a39afe7e5213653c3e78a50b0ea8
SHA1

ff9f0355f666c818026353beb26819d4d9d652aa
SHA256

fad25f97c0fb28f758278a492b45e65d17d38a71b6f2daf3557dd50178795dfb
SHA512

f26e918ba2b8f9409ac541c2adce00743e4701d6cf71681bde505596b34d02439309bd13b958e3fa8c5920b3b4688b59a2d74039ba2c917e7a2fd4b1206394ff
SSDEEP

49152:q+lkWEH8ooE+fK1q8Lq4QG3qmkIth54sqNjIb5d7MJ8nNL8C6S7lasv:hkW6Z7rI4QG3pq9Ib5lnNL8CxF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	MpMiniSigStub.exe

Loads dropped DLL 7 IoCs

pid	Process
1896	45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe
3052	MpSigStub.exe
3052	MpSigStub.exe
3052	MpSigStub.exe
3052	MpSigStub.exe
3052	MpSigStub.exe
3052	MpSigStub.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MpSigStub.exe	MpSigStub.exe
File created	C:\Windows\system32\MpSigStub.exe	MpSigStub.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2984	1896	45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe	28
PID 1896 wrote to memory of 2984	1896	45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe	28
PID 1896 wrote to memory of 2984	1896	45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe	28
PID 2984 wrote to memory of 3052	2984	MpMiniSigStub.exe	29
PID 2984 wrote to memory of 3052	2984	MpMiniSigStub.exe	29
PID 2984 wrote to memory of 3052	2984	MpMiniSigStub.exe	29

C:\Users\Admin\AppData\Local\Temp\45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45f4a39afe7e5213653c3e78a50b0ea8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1896
- \??\c:\60b79dc2473be7777c\MpMiniSigStub.exe
  c:\60b79dc2473be7777c\MpMiniSigStub.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Windows\system32\MpSigStub.exe
    MpSigStub.exe /program c:\60b79dc2473be7777c\MpMiniSigStub.exe
    3⤵
    - Loads dropped DLL
    - Drops file in System32 directory
    PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\60b79dc2473be7777c\MpMiniSigStub.exe

Filesize
31KB

MD5
b3baa44fb1f8f39ef2c4f9c05aaa1dea

SHA1
9236debd3f289ced5e13b14b813a311e475eb93d

SHA256
e200fbe1d5be06faa6ad5c917d4d745e419bc68a9acea7f544e213bfc5f25660

SHA512
201a09388fabdc2fd193773d910766ced193c4c09918a6d2aafb11b0aab21473b36ce2bba940aa1e9378e14ba0ba5d2ceed29d7d7c50cbb3d80a00e06fed3484

Download Submit
\??\c:\60b79dc2473be7777c\1.201.478.0_to_1.201.836.0_mpasdlta.vdm._p

Filesize
2.3MB

MD5
0d0c4ab400035bfe646f3862a3ec4e04

SHA1
1c7ca0a7c5aed48cb2c99cf449e2f678b22ec9b8

SHA256
a032ff385ba4768a728039e3e7751f55c32c2424fb1086a70d9d24951b7b1979

SHA512
68f215f2c91498813318618dd59f5eb3f6a6f5cc822fae01eb29fb036348f7c0db614b763860d47f3b18c4385069306cb40773ba271472d8dbf65d1a45559402

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm

Filesize
11.1MB

MD5
b17051cea6ecf263ef7eb4b79fa50763

SHA1
ad15f2f519b32ffce10e23e6ee6436b0d49136e0

SHA256
f10a3dbeaba655f7f595c8954cb85d5e7804a2cdcf6a09c0544eeb739d442dfa

SHA512
f904c88765b9dea30a2276ac988dbc7daa2ca19c879983ab03fa4c7665eec987644ec8734711b7d02597e3b4af8b2625a54930f7afb5ad095c966bef3c087475

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm

Filesize
331KB

MD5
f0f8b583c084699ddbf036b892058f6e

SHA1
3d7b233ea117b55b3708d29fda451d39313ff27a

SHA256
d2ca676148c1f59c2d3494bb0aa28127d2957ea8c2f494ddebe7e1249038e9a1

SHA512
383a8cdf759e7b4395e0e295700db316c8d06c8589333f22ddc29efdf350c66f5fd8b729f95a0e2a1b3a0798f8af0b06a9bb4971a300039d9baea6101d233697

Download Submit
\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll

Filesize
7.8MB

MD5
97bdc9a400eef273cc4b336614ca74bd

SHA1
b0c55c5f48ec0f32bcac631005755c722913e21c

SHA256
2b0792816c882c8b7dafe93e8148df94b1c0786287272e3fe4005166751069ae

SHA512
7dbe3c6b11ed5997d78bc4982f5b485ad61cc779add961899922a62df8b010dd3481a6236d631c9557816e84de8e4b16d8b66362b04ec6becb16fe85b8169e86

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads