ca4f5c21b8568d821ee22fc934aa78abb16bba38da285dc2b0da0e4f9b0bc80c

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe
Size

2.3MB
MD5

7ed7096165f46290cac4f0f170e54e30
SHA1

e11596b2fc05caeffafa537cd784b4d51d8ff99d
SHA256

ca4f5c21b8568d821ee22fc934aa78abb16bba38da285dc2b0da0e4f9b0bc80c
SHA512

c6b586244c5e4d3a63a533cd5cec713094380d6bba1b30b3361043ffbffdaa9432b48513f0288e45839b0f0b20053910fdd4a74e364b953a62d61387aaf031db
SSDEEP

49152:1siDVKWcZ+srXaMqKQBEoN6sUi1uEMd2zIFqyop:5cZjPloN6sUq2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp

Loads dropped DLL 10 IoCs

pid	Process
2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
1708	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28
PID 2288 wrote to memory of 1708	2288	7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\is-54M9I.tmp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-54M9I.tmp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp" /SL5="$70122,1913662,214528,C:\Users\Admin\AppData\Local\Temp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-54M9I.tmp\7ed7096165f46290cac4f0f170e54e30_JaffaCakes118.tmp

Filesize
1.2MB

MD5
cb33ff3204491fab4686d61710d3ea24

SHA1
32b89dbe761f7486c68d1767563d8ad1f08d99ef

SHA256
ff652f10ac6dbf8d4965f6624339c67e02715cf499ad8b26c1a683bd503e4136

SHA512
ed888d1f3cb5865217f4952edcc5cc592dac9f4efc1ef44b8de960425f49f6155cd3f9b663dd7b9b834210cc10c99119cb27b9a97cd747cf7991812b1d0e29d8

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\ParsFrms.dll

Filesize
3.6MB

MD5
9db36dabb0411da19ff18f654a3132ac

SHA1
16830b4aa8c74a272e29d5e29091c7b4ff8279ae

SHA256
ee812c076f4873b5ff0078740a19497c5532d31d4eb38e352f2e7c349b1933f9

SHA512
a90965550e4230f8c25ca6e72a82f2ee4f85387359b5e04866021de6543a5dba78e04a725a998eab84b985748d03bb96f52652afce8d7323a69e3399ac2d0203

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\ParsSplash.dll

Filesize
2.7MB

MD5
7f23997560c0469ec0b62440f423be6a

SHA1
63e82719205cb9951cba85cc40da43c22cb292fa

SHA256
023d0b1bab8a17905e7ce90a985b4097db8bf76cb83e4ddcafe4d28b5084ce20

SHA512
23df8d4f0152e4aa2b163ddb55f4b44c782a87e36a8c9a89eed8711732c857f99a21f906605c225821c917d73271890a886b087746fee1976fec29d180bbfae3

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\Parscon.dll

Filesize
117KB

MD5
8e49aa85a7da6cd70eb7c15e4c828b4e

SHA1
973cdc9c10e71c0b07ef2d70a9fc30bb8cc72426

SHA256
57c40a9d2e592d968daa0f092abfa7abe2b41c47eb718adb770bd6930ec0dba4

SHA512
c7e0107d835bd83c7dbd666b5c768befbe303bbb126cbac905aa0c6bb91bcd0c99f03f780606fd8e23ef30b1976452d98f792107e7ed1dd6e630a99f148567f1

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\Parsdwn.dll

Filesize
351KB

MD5
f33f723b7cbe4839518abcf840b514ac

SHA1
3bcc0d5f0614199e844050f16dac40cb26e564de

SHA256
874b45e494834b26a26b93cc8aa211e08aaf561cad149a25ded8418c5a59aa2c

SHA512
e7f7e1e477a8aaae039502825fdc2b329c6d1a9e2e081ecaae16aa265981cc8b23279cc2da3d81d65648e73b6fe0d5f27a5faa777cc9e717182903581f2d118d

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\Parsec.dll

Filesize
291KB

MD5
2902d6187193278e2c57848db9d3f8b7

SHA1
fb4beb9474cf8b6d6b251faeb23afb68e16568d4

SHA256
9c358e08a19ac5d3e86321cf1b742cf06fadccaea48b00cfdd56fff7a3c9078b

SHA512
c2bdbed0aaa6093ed575c9098131de5c69418274c91032a23c91d0c96473a7d969891e5bc699a912c29a729e26997bda9d7ed484a13f4d3050061d4ab6af7e1b

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\Parsin.dll

Filesize
177KB

MD5
b61daffc0ce79515781319460f43bde9

SHA1
2bf3d2f0a88ec6f27fbb4eab507ec5d7b3431446

SHA256
6969542e2233694b05b7267b6b78ee7f47e910c1ce170f901d05e48fe34d9ff6

SHA512
ba65ad680d7e214c9d2ae963e2e03664b1eacd1ba72a8fd657edd3c4d9ca64da4f68e85dc19d8e6a8719ee59218c5c649b159ba72f0102cecb5eec1e04e83f32

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-KDQTL.tmp\idp.dll

Filesize
165KB

MD5
4af80b8a27320d5685f7b255efc7c2f3

SHA1
f0819580166790b745e4974c673d438ccd5a263f

SHA256
592331029546d61a2be697144840fb04a84bffb95608b1d2862fca5b8dabc357

SHA512
a1f719992f69e6c3f8f359259900d9a587cc02037812d8f4b8074a062c1efb68f274ef041c7898851580c207f4ab1fefd6c40f29748b4527283553de366ee77b

Download Submit
memory/1708-33-0x0000000005540000-0x00000000055A1000-memory.dmp

Filesize
388KB

Download
memory/1708-44-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1708-25-0x0000000002150000-0x00000000021A3000-memory.dmp

Filesize
332KB

Download
memory/1708-62-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1708-8-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1708-37-0x0000000005A10000-0x0000000005DBA000-memory.dmp

Filesize
3.7MB

Download
memory/1708-48-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1708-41-0x0000000006060000-0x000000000631B000-memory.dmp

Filesize
2.7MB

Download
memory/1708-43-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1708-29-0x00000000003C0000-0x00000000003E6000-memory.dmp

Filesize
152KB

Download
memory/1708-52-0x0000000005A10000-0x0000000005DBA000-memory.dmp

Filesize
3.7MB

Download
memory/1708-50-0x00000000003C0000-0x00000000003E6000-memory.dmp

Filesize
152KB

Download
memory/1708-51-0x0000000005540000-0x00000000055A1000-memory.dmp

Filesize
388KB

Download
memory/1708-49-0x0000000002150000-0x00000000021A3000-memory.dmp

Filesize
332KB

Download
memory/1708-53-0x0000000006060000-0x000000000631B000-memory.dmp

Filesize
2.7MB

Download
memory/2288-47-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2288-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2288-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads