22d459afd48de8ee855a054899e718e0e64a4a3e96e87accb95ca5d948ec052a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
Size

792KB
MD5

6d48693105fb33c03270878916b2e357
SHA1

da637a0613f56a32a6f32a2bb417ad0f19618cc5
SHA256

22d459afd48de8ee855a054899e718e0e64a4a3e96e87accb95ca5d948ec052a
SHA512

455110bb106043772b22332248343992c2dd01c2916142b39883394d36f890c361a5524b3425de799f02c7d5a5cc851339938fd76fa6b46b41d323967b915f80
SSDEEP

12288:TgqkazPQCPgNfY7mXgAu7YNJ03It4FFRSNTrnKR3ajgANxPavobsCcL+asg9CIXz:TgTOPQCeC4Xu0fg+Oq/zkAN/beLAqj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
2328	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Loads dropped DLL 2 IoCs

pid	Process
1728	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2036	1728	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2036	1728	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2036	1728	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	28
PID 1728 wrote to memory of 2036	1728	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	28
PID 2036 wrote to memory of 2328	2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	29
PID 2036 wrote to memory of 2328	2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	29
PID 2036 wrote to memory of 2328	2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	29
PID 2036 wrote to memory of 2328	2036	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	29

C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$4010A,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$60126,55867,54272,C:\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$4010A,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-2IOM8.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Filesize
84KB

MD5
eb4852a5c32500f33de8433107285351

SHA1
bf489592c9aaf5f0a96e85e3697365401c217285

SHA256
5a0f4e17ba1b79436399756942cecd4561b59c51456f1e10a1411b9440d10b42

SHA512
550e139514df11169a8f19975e764b3a69dd970c1053e246b8e1f8a1d459125abaa5d966221a5dc5a8eacb460b158fd4cffa5f74e6c93857e672789f49c7e866

Download Submit
\Users\Admin\AppData\Local\Temp\is-6RQ7B.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Filesize
53KB

MD5
9d59794131059cdc5948e43e3ff7f7d8

SHA1
68d3d3b9508e126e701e528964fc379ecf5d696d

SHA256
f6d23d64cc0c90976d67d69085ddc0ec24e68e4998a44ef516b26458bdbbe038

SHA512
0e17f9762128567bd33e33bd98f1513fc7ed97a929e5714ede6bafadbf2f6c0e1cd66ac295019b65549ae949fd0c966f5420042b7f4ea4872e0e1d25cce40466

Download Submit
memory/1728-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1728-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/1728-24-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2036-8-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2036-11-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2036-23-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2328-17-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2328-20-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2328-21-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads