20c59147a03fed2a1153540737dab7572b2f2735089d65fb3ccf18a62740a511

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe
Size

769KB
MD5

6911aabc7c57719b78a02e5303bebeea
SHA1

aa82a4e1fd73ba2039aff243f82c7f043921c68a
SHA256

20c59147a03fed2a1153540737dab7572b2f2735089d65fb3ccf18a62740a511
SHA512

9dad01479972eeed606308a503305a0651b3cab9a28eaf41eba7be588049844a7ffcc447da5daf1ea7a0c6fc8f44b4bdb87ac64b8a10460fa1fdbe5b0de6bde1
SSDEEP

12288:xyIFxrVelcdsf2RqGLKyIwSSPNYrF/Th7z9YdHO/6R2OPJBj:xyIHBelwsAfKiPN4x2HN77

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

pid process

2860 6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

pid	process
2860	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

Loads dropped DLL 3 IoCs

Processes:

6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

pid	process
2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe
2860	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
2860	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe

description	pid	process	target process
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
PID 2196 wrote to memory of 2860	2196	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe	6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\is-88G87.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp
"C:\Users\Admin\AppData\Local\Temp\is-88G87.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp" /SL5="$40112,509598,229376,C:\Users\Admin\AppData\Local\Temp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-4P07C.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
\Users\Admin\AppData\Local\Temp\is-4P07C.tmp\psvince.dll

Filesize
42KB

MD5
d726d1db6c265703dcd79b29adc63f86

SHA1
f471234fa142c8ece647122095f7ff8ea87cf423

SHA256
0afdfed86b9e8193d0a74b5752a693604ab7ca7369d75136899ff8b08b8c5692

SHA512
8cccbff39939bea7d6fe1066551d65d21185cef68d24913ea43f24b8f4e08a5581a9f662061611b15b5248f5f0d541e98d6f70164aaaad14d0856e76fabbfaa4

Download Submit
\Users\Admin\AppData\Local\Temp\is-88G87.tmp\6911aabc7c57719b78a02e5303bebeea_JaffaCakes118.tmp

Filesize
869KB

MD5
9700227bf53c9a62bd8dbc671422adbe

SHA1
8ea54116868c7f5223d0f25176b1e786fa150af7

SHA256
2474c6e72fc638aa29924ec53d94cf970684f909d82c5f9cc2e7aae616e223b3

SHA512
a5a58bc39139f21ce3813faa8cb0b7783e7339dd1b202ad98b39eba03d96b8a880eff34a9e3a1d546330a4ee1762f97b3c3dc5d75de70ebdc91d7e5cc364fac9

Download Submit
memory/2196-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/2196-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2196-21-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2860-8-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2860-12-0x0000000000770000-0x00000000007AC000-memory.dmp

Filesize
240KB

Download
memory/2860-19-0x0000000000770000-0x00000000007AC000-memory.dmp

Filesize
240KB

Download
memory/2860-18-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download