23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
Size

1.1MB
MD5

70edbb6fa8397418364b0441922a165f
SHA1

3c2e086fc6d479a862ee2356f3caf262f796beb0
SHA256

23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df
SHA512

6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516
SSDEEP

24576:AKnxgrmT26nNwmlH2YmiXFKZTXQ6Nvx4C8IhbdhV:JAmTDnK+2YmiXgZTr5bbdhV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2180 set thread context of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 1708 wrote to memory of 2180	1708	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	28
PID 2180 wrote to memory of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29
PID 2180 wrote to memory of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29
PID 2180 wrote to memory of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29
PID 2180 wrote to memory of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29
PID 2180 wrote to memory of 2692	2180	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe /q"C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}" /IS_temp
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\system32\explorer.exe
    3⤵
    PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe

Filesize
1.1MB

MD5
70edbb6fa8397418364b0441922a165f

SHA1
3c2e086fc6d479a862ee2356f3caf262f796beb0

SHA256
23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df

SHA512
6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516

Download Submit
C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\_ISMSIDEL.INI

Filesize
208B

MD5
12a64bfd1b6b8322d641fdb3779cbc58

SHA1
c136cb90b5ddb4682d7436ac7fd96d81e88c18d4

SHA256
d40ac03cc20db67c57afcf6b7de66b69df37b72d54e928b99ea24547e0a10ec2

SHA512
f40edbc1b838a4e55fdf162ac717274d4366627fafc14185d56f042d8e8165c3a8d582d98fa8420f2794972f5893da8a039c411786bf946b40e47237cd41f692

Download Submit
C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{86F7BEF6-5117-4618-84F8-028FF027CD5C}\_ISMSIDEL.INI

Filesize
756B

MD5
f2b6fff0d6a5a1f2693e9c130963b53b

SHA1
4f365a3d4939861e5ec2c6ac03125f4839e999fe

SHA256
f6e357d92f0c05f5557615708ac9ddd723d507854d5a8b7033b6c1e08e0ba898

SHA512
30d744c808697382ead6cf7273aeeb7b930257ac7918b8ded378e776b043a14bf3df31d385c3b3899b504a6a511547b1a9cff5ac9b9de8af54444094f7f30607

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads