Analysis
max time kernel: 141s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/05/2024, 21:16
Behavioral task: behavioral1
Sample: 64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
Size: 8.5MB
MD5: 64cb7853734b2c2ec996b0dfb3274870
SHA1: b2463ceabf2fd47dfe4050eec27a453513215684
SHA256: 348ef2dd83a99d7bef81112fb3ee9d6abb7bbc6ffe26cb4249fd90df34ab814c
SHA512: e8f61f049665b7df678492d966bc47aa97785e10ddd86a4b7431a616427118aab9045a41efeec3903159ed97746fba3ba483e65e981e129912f8e1359cd9e2b4
SSDEEP: 196608:ZDILoP1HSsimvlG2etbYPvbJQlHJCOj8Cs4dLOt:/P1pimtokJQlpfk
Malware Config
Signatures

Loads dropped DLL (6 IoCs)
pid   Process
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
2952  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                             pid   Process                                             procid_target
PID 3912 wrote to memory of 2952        3912  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe  87
PID 3912 wrote to memory of 2952        3912  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe  87
PID 3912 wrote to memory of 2952        3912  64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe  87
Processes
- C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe"
  - Suspicious use of WriteProcessMemory
  PID: 3912
  - C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\64cb7853734b2c2ec996b0dfb3274870_JaffaCakes118.exe"
    - Loads dropped DLL
    PID: 2952
Network
MITRE ATT&CK Matrix
Downloads