c6306e44d7fa39d1e8beb2acfde2a5567a0c8b8b0ef0ef14f921a82b0e5f8807

General

Target

65e183f999650701e30901b8cf864801_JaffaCakes118.exe
Size

1.1MB
MD5

65e183f999650701e30901b8cf864801
SHA1

cbc51318f370c99f256fc993d8082f4919fe8898
SHA256

c6306e44d7fa39d1e8beb2acfde2a5567a0c8b8b0ef0ef14f921a82b0e5f8807
SHA512

e7aac004ee373d12311a252eab57a96644310e6a196712b08dda3584046c1f3880ab7fe28dfd3e5234e6cd02f243b39b1e6723cd7ca43204dffdb02c16ab08b0
SSDEEP

24576:nAHnh+eWsN3skA4RV1Hom2KXMmHauDq+xM0NtFKvyhErE5Wy:ah+ZkldoPK8Yauu+tNtFKQEeX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

65e183f999650701e30901b8cf864801_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65e183f999650701e30901b8cf864801_JaffaCakes118.exe"
2⤵
PID:2412

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download

description	pid	process	target process
PID 1664 wrote to memory of 2632	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2632	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2632	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2632	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2796	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2796	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2796	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2796	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2556	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2556	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2556	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2556	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2548	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2548	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2548	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2548	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2792	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2792	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2792	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2792	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2412	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2412	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2412	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe
PID 1664 wrote to memory of 2412	1664	65e183f999650701e30901b8cf864801_JaffaCakes118.exe	65e183f999650701e30901b8cf864801_JaffaCakes118.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads