f03e7c21254c4bce0267e60297d48e8fc0a6761a51ce62b5b9a6a5fcc5fe38d2

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe
Size

329KB
MD5

693671e27d751239b3fb6b597eccf2f4
SHA1

b39164e6d2cb5e7d646c2538e1b51fcf49b2fe2d
SHA256

f03e7c21254c4bce0267e60297d48e8fc0a6761a51ce62b5b9a6a5fcc5fe38d2
SHA512

e4d2e31ef495e29381ec6d8eee8b7ee70aa35e8ea439ef1fda5e73ded618a2b372e788f1f9e2c7c92c50e6c1633c892ce7ece57fa52c605f90ba9f2466c3d07c
SSDEEP

6144:1zW/KFKexXI7tRrKwyjg2ruu6rFxpSDg9SCN6IU24JUBH8:ltx4BRrKwyjg+uxYUAy6D2KUq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

3012 setup.exe

pid	process
3012	setup.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe

description	pid	process	target process
PID 4436 wrote to memory of 3012	4436	693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe	setup.exe
PID 4436 wrote to memory of 3012	4436	693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe	setup.exe
PID 4436 wrote to memory of 3012	4436	693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe	setup.exe
PID 4436 wrote to memory of 3012	4436	693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe	setup.exe
PID 4436 wrote to memory of 3012	4436	693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\693671e27d751239b3fb6b597eccf2f4_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4436

C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
"C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
2⤵
- Executes dropped EXE
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4040 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\difC294.tmp

Filesize
829B

MD5
22dd980423bb3655bd89e6a9772bb501

SHA1
d0e2310bb964fccd42773b9a92a8c89518813022

SHA256
164b60c6b542ca256c51ef6737076eef1cdd15bda0a95c3f2c74dbffac316457

SHA512
9402179551c96a3cb7ba8a698fbeda67d15e1d66a253d32e4b9f58c8be51a7e6d7de4e8303d8434a8ba8ae0ffd67b02e08c3c81c72f0d514edaa54b2e5ce0ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\data.pck

Filesize
345KB

MD5
a9e61ee985ebf5db9351663ab8a1bfe4

SHA1
ac7cc946428329d1c6810de1c33d045329ee214e

SHA256
f9bbaa1aaa5108a676f2343934b3217882cf18a24b5673349df2e5a7e48bcdd8

SHA512
4645105769ed16eec35fb9b1f051c912280cdcf8ca8b42070bba396e76051371ee4f13f929030d66f17cfaeb6e3bd75f6e0f83dbf32aa3984d048d256bc42600

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\index.scr

Filesize
829B

MD5
81b45eecbbc6f73784a020513a56f8e8

SHA1
fbf22ba3c9b8cf077ffd89eed0291aa24857dee9

SHA256
9ce40677627c95d0b22c9a2596ee3614e455ad851d49b612cc134825a8ec016b

SHA512
5ffb101621bec253380e04e4b72240142ff0a821150eaa859389618ca19f9962668e9b5d8b486b0d155dccd5fd70ffadcd607eb848c867fdc83ba261550f98d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\puzzle.pzl

Filesize
60KB

MD5
f9e395cfa73797d59ea84b637bb35d05

SHA1
9d672ca726ee099cec4c48bd9a5da224e179c87b

SHA256
4c85efdb65f5b072bb0a58f71168cf1344e83f3026107f820c0861c8e85bf6e5

SHA512
bc548deec78bd43ed5cb04e92e37a1aebd365076adc83e48e66c57de2ab443310c7044cc9dca05d8384e3a8b5702e91554141f175019087b9b64ecf9fa9dd8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
304KB

MD5
61200441e7fae807bbc020d757466117

SHA1
4d575e2d302f10b2b0a5fa0eef1524c4e332d202

SHA256
ee8d5fec51d3e03d6ea1f90dad828bfcf0659bcab52cc61a356d86082ec8007d

SHA512
7551b47084efd743fe59ae0ebe044a7e8cd86f6c559e3e4c760bc0c97dc0945443a59e98eddc2b0c564bdd1c0720d168d8462e3b772f6019d9df93d091626c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\lang.ini

Filesize
10KB

MD5
cedfd1c79c51b026a3f87794150a5039

SHA1
d373440a1f2fd8581861d7b7090085c5484b6087

SHA256
ba5ef58a17d91c7f8f39d2da9e841a162c806269e6f2bb4b689a8e9b1d0a9a80

SHA512
f48718440741fbcd80cf5b764c20629f82a527e260cb31297d40cdce22e7c3ceaac69077dc54a87767a7eac2bc826fb8f9743273049d52b0891819a089808ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\skin.ini

Filesize
1KB

MD5
393a22419b84a1219194cd6542a23c93

SHA1
f480bbfb8009844782366a3dec2ad23266dc48bc

SHA256
c46fe077a9206c75b2a6068dd6929c09df9bc616adb3caf7f1443a90f0276468

SHA512
beadbda583bf63e31a247ddcea59d7033f6cfd385e6d6bf3fc3884855ddf4b04d05f1d739f36a19319263951605bdfc00a4cc11380d978ffe2b28d4c3d35bee4

Download Submit