23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
Size

1.1MB
MD5

70edbb6fa8397418364b0441922a165f
SHA1

3c2e086fc6d479a862ee2356f3caf262f796beb0
SHA256

23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df
SHA512

6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516
SSDEEP

24576:AKnxgrmT26nNwmlH2YmiXFKZTXQ6Nvx4C8IhbdhV:JAmTDnK+2YmiXgZTr5bbdhV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2328 set thread context of 1808	2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	97

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2328	2812	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	84
PID 2812 wrote to memory of 2328	2812	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	84
PID 2812 wrote to memory of 2328	2812	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	84
PID 2328 wrote to memory of 1808	2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	97
PID 2328 wrote to memory of 1808	2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	97
PID 2328 wrote to memory of 1808	2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	97
PID 2328 wrote to memory of 1808	2328	70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe	97

C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe /q"C:\Users\Admin\AppData\Local\Temp\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}" /IS_temp
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\system32\explorer.exe
    3⤵
    PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\70edbb6fa8397418364b0441922a165f_JaffaCakes118.exe

Filesize
1.1MB

MD5
70edbb6fa8397418364b0441922a165f

SHA1
3c2e086fc6d479a862ee2356f3caf262f796beb0

SHA256
23c59414c0561ed147c96f4c6ada242338fb68e495e8faa71a8e7891aa3968df

SHA512
6d2a786026da8459611bc023e4eea00f6af1d8626f685b533fff983b9f5122b9749e48596c734fbf7c03fea1ae67b12daa6efbd515edc777722d8171bb6be516

Download Submit
C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\_ISMSIDEL.INI

Filesize
756B

MD5
ad8839c0848f0ed5aff064a462354a8c

SHA1
5dd3014437e3bc56a1628e3080ef7f565ed592dd

SHA256
be80f0b4b7fd17859823f6e6188a940091bd87aff4c4b7d7dad50bcbcef0c5ae

SHA512
ccd9eefabe0fca1e3cea1074e7d7696906e4749fbe86351c00915d4a7fb7d9dbbe38cf9a45cd6c0c18650aa4c49fd19b6da402ab3a5ece126d9ca4b2664b6cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{809C933C-0758-4DAB-9D8B-939101F6AAFE}\_ISMSIDEL.INI

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads