Analysis

  • max time kernel
    132s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 21:48

General

  • Target

    68bfa1b82dc0e2de10d0cf8551938dea_JaffaCakes118.exe

  • Size

    56KB

  • MD5

    68bfa1b82dc0e2de10d0cf8551938dea

  • SHA1

    0cf43f74f078fa4af30f589101a59c9860481b30

  • SHA256

    a3667153a6322fb8d4cf8869c094a05e995e2954fda833fe14304837ed4fd0bd

  • SHA512

    a3e375772eab6b7f8eeedceb54f4e1d041caf3dc1cde03d928e3101de37352082b37ea925fcffe7f46132fa146a5e6db042ac0b0093ac1d8cc00dca9218e22dc

  • SSDEEP

    768:j5QGuIOFwKTMAj3cdXhwlJsYd+mq8ywmgiR+hYHAGQ:VsIOFwKT/BlJsYFq8ye5WQ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68bfa1b82dc0e2de10d0cf8551938dea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\68bfa1b82dc0e2de10d0cf8551938dea_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Windows\system32\cmd.exe
      /c wusa.exe C:\Users\Admin\AppData\Local\Temp\CryptBase.dll.cab /quiet /extract:C:\Windows\system32\sysprep\
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Windows\system32\wusa.exe
        wusa.exe C:\Users\Admin\AppData\Local\Temp\CryptBase.dll.cab /quiet /extract:C:\Windows\system32\sysprep\
        3⤵
          PID:2348
      • C:\Windows\system32\cmd.exe
        C:\Windows\SysNative\cmd.exe /c C:\Windows\system32\sysprep\sysprep.exe C:\Users\Admin\AppData\Local\Temp\gupdate.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3904
        • C:\Windows\system32\sysprep\sysprep.exe
          C:\Windows\system32\sysprep\sysprep.exe C:\Users\Admin\AppData\Local\Temp\gupdate.exe
          3⤵
          • Drops file in System32 directory
          PID:588

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~Ne3A7B.tmp

    Filesize

    20KB

    MD5

    ab9a743d48383819627ab32d95593f29

    SHA1

    d780ac540ca322b0b89f226867c18c0b7580b84b

    SHA256

    a98826349e2ff22e00ba09a4a31eb133f0388c2a58a8886f26a525207ebe1aca

    SHA512

    dafdfec1edad453200db36f1d317e358b4978141634a6f1131a88bf2ab0ecfbbed07c5123625cfc6d9b606a7a99a5f0e2290172e872fdcd23de7e7a84ef0905d