22d459afd48de8ee855a054899e718e0e64a4a3e96e87accb95ca5d948ec052a

Analysis

max time kernel
129s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
Size

792KB
MD5

6d48693105fb33c03270878916b2e357
SHA1

da637a0613f56a32a6f32a2bb417ad0f19618cc5
SHA256

22d459afd48de8ee855a054899e718e0e64a4a3e96e87accb95ca5d948ec052a
SHA512

455110bb106043772b22332248343992c2dd01c2916142b39883394d36f890c361a5524b3425de799f02c7d5a5cc851339938fd76fa6b46b41d323967b915f80
SSDEEP

12288:TgqkazPQCPgNfY7mXgAu7YNJ03It4FFRSNTrnKR3ajgANxPavobsCcL+asg9CIXz:TgTOPQCeC4Xu0fg+Oq/zkAN/beLAqj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3148	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
2604	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 3148	624	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	83
PID 624 wrote to memory of 3148	624	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	83
PID 624 wrote to memory of 3148	624	6d48693105fb33c03270878916b2e357_JaffaCakes118.exe	83
PID 3148 wrote to memory of 2604	3148	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	84
PID 3148 wrote to memory of 2604	3148	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	84
PID 3148 wrote to memory of 2604	3148	6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp	84

C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Users\Admin\AppData\Local\Temp\is-CU4P0.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-CU4P0.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$401EC,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\is-E2H99.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-E2H99.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$50212,55867,54272,C:\Users\Admin\AppData\Local\Temp\is-CU4P0.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp" /SL5="$401EC,737890,54272,C:\Users\Admin\AppData\Local\Temp\6d48693105fb33c03270878916b2e357_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-CU4P0.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Filesize
84KB

MD5
eb4852a5c32500f33de8433107285351

SHA1
bf489592c9aaf5f0a96e85e3697365401c217285

SHA256
5a0f4e17ba1b79436399756942cecd4561b59c51456f1e10a1411b9440d10b42

SHA512
550e139514df11169a8f19975e764b3a69dd970c1053e246b8e1f8a1d459125abaa5d966221a5dc5a8eacb460b158fd4cffa5f74e6c93857e672789f49c7e866

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E2H99.tmp\6d48693105fb33c03270878916b2e357_JaffaCakes118.tmp

Filesize
53KB

MD5
9d59794131059cdc5948e43e3ff7f7d8

SHA1
68d3d3b9508e126e701e528964fc379ecf5d696d

SHA256
f6d23d64cc0c90976d67d69085ddc0ec24e68e4998a44ef516b26458bdbbe038

SHA512
0e17f9762128567bd33e33bd98f1513fc7ed97a929e5714ede6bafadbf2f6c0e1cd66ac295019b65549ae949fd0c966f5420042b7f4ea4872e0e1d25cce40466

Download Submit
memory/624-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/624-3-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/624-20-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2604-14-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2604-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2604-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3148-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3148-10-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3148-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads