36946f02e58d26f592c302ab7b6039540cb2abba6949ece6122345d0620813b1

Analysis

max time kernel
138s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

644af6a0e88099742c57f512300efd26_JaffaCakes118.exe
Size

764KB
MD5

644af6a0e88099742c57f512300efd26
SHA1

ff249db6fae071e2e789eb9400f920474332da16
SHA256

36946f02e58d26f592c302ab7b6039540cb2abba6949ece6122345d0620813b1
SHA512

018f468651cecfd08dc9b6ad1dddd75330730e22dd976691194e0da78c1567b20d70b1db7b288d371066905e2a857028a775d640bd69f7cf06546352f0c1eb99
SSDEEP

12288:Z4vpDlah+ipXIorYbjm4g3NVv0vhdFrCyelrkAEcErv6F33+BDAU4KxCtozbtraf:Z4vBlji7eGVvCP7OrPIrSF3eDAU4yCeg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2408	644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp
1796	644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4564	4872	WerFault.exe	82

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2408	4872	644af6a0e88099742c57f512300efd26_JaffaCakes118.exe	83
PID 4872 wrote to memory of 2408	4872	644af6a0e88099742c57f512300efd26_JaffaCakes118.exe	83
PID 4872 wrote to memory of 2408	4872	644af6a0e88099742c57f512300efd26_JaffaCakes118.exe	83
PID 2408 wrote to memory of 1796	2408	644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp	84
PID 2408 wrote to memory of 1796	2408	644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp	84
PID 2408 wrote to memory of 1796	2408	644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp	84

C:\Users\Admin\AppData\Local\Temp\644af6a0e88099742c57f512300efd26_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\644af6a0e88099742c57f512300efd26_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Users\Admin\AppData\Local\Temp\is-DRAJT.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DRAJT.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp" /SL5="$E004C,714941,54272,C:\Users\Admin\AppData\Local\Temp\644af6a0e88099742c57f512300efd26_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\is-T1INN.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-T1INN.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp" /SL5="$F0038,55940,54272,C:\Users\Admin\AppData\Local\Temp\is-DRAJT.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp" /SL5="$E004C,714941,54272,C:\Users\Admin\AppData\Local\Temp\644af6a0e88099742c57f512300efd26_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    PID:1796
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 460
  2⤵
  - Program crash
  PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4872 -ip 4872
1⤵
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-DRAJT.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp

Filesize
84KB

MD5
5a2d0007dabea30e91fdab9831a979a0

SHA1
93d28f4e551746189016d5a030c78cfb0e6c0bb7

SHA256
8673dadd8a71fd0cc97e00bbc4aab04ddaf563d43a297f6250356faf7dd47dd1

SHA512
6df1d5208bbe8e8af6ca0a1b248413482cd6300e6c9f11af9e105de95c7c86507a10b04ef73d397fb67a5caae2872fe63b0faf11565bcb461633c84ed759fddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T1INN.tmp\644af6a0e88099742c57f512300efd26_JaffaCakes118.tmp

Filesize
53KB

MD5
9d59794131059cdc5948e43e3ff7f7d8

SHA1
68d3d3b9508e126e701e528964fc379ecf5d696d

SHA256
f6d23d64cc0c90976d67d69085ddc0ec24e68e4998a44ef516b26458bdbbe038

SHA512
0e17f9762128567bd33e33bd98f1513fc7ed97a929e5714ede6bafadbf2f6c0e1cd66ac295019b65549ae949fd0c966f5420042b7f4ea4872e0e1d25cce40466

Download Submit
memory/1796-14-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1796-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1796-17-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2408-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2408-10-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2408-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4872-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4872-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/4872-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads