d5caafc69b97bea7eecb9f562faff45ba8bfa2e618f9ee081d19a0ac172c005a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe
Size

263KB
MD5

8b10cbc0837685bd1154774495a3793b
SHA1

5a26798ace5b79316976122bb6e62364acef8f05
SHA256

d5caafc69b97bea7eecb9f562faff45ba8bfa2e618f9ee081d19a0ac172c005a
SHA512

32746427401b1fc809d59824bf7b0ef1969f46cf8e26c522dff3cf10bb555701417ec1f0606657860f8560ecca993311c5a36d92dcc737eb156b1ec3718dc54f
SSDEEP

6144:bRgym92YGB+40vPLGPAJQntXC1WzEk/UKmODwwPASrDl:d6fu+40vPFQntSgzvDwUrB

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2808	winvnc.exe

Loads dropped DLL 5 IoCs

pid	Process
2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe
2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe
2808	winvnc.exe
2808	winvnc.exe
2808	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2808	2380	8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8b10cbc0837685bd1154774495a3793b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\7zS14E8.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS14E8.tmp\background.bmp

Filesize
1KB

MD5
6ce6e5fcf1a56b80f4ffa6f685d4329d

SHA1
91780868c241e83754003855407805c0cda20254

SHA256
6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

SHA512
7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS14E8.tmp\helpdesk.txt

Filesize
2KB

MD5
d88b7fd99a66eed7aa7f22ad9d9371c1

SHA1
83791620bdb20cb9a55c7bd4f00fc41a375bd77c

SHA256
cd6a4095867440809f6e81fe7602c2cd59932359adc416a800b9018dc4ea76c6

SHA512
970b0424b1e61aba43ef89c67043c6d710ffb76b0ce8f70d66118051261e1178917c080454f8600afe5451365879d5d19b012a97b27e9cfda6b1b007ce43d6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS14E8.tmp\logo.bmp

Filesize
35KB

MD5
8e0ca1910a8c92f81bcc19be5fc54a36

SHA1
76673e357006d854894794fbf1677ec6c9845bd1

SHA256
f9838e72f87083f1f5c974787c83f8ab11b1cefea2eec2a0ad29f76224f0ac61

SHA512
05bb5a130904f6736942d0409ec4dd8de2b501de2289f8ec275a70418537eb8261aa8abeaf748a32186ba52e552a3344e07f1b15fb60fd4567d90a633f361de2

Download Submit
\Users\Admin\AppData\Local\Temp\7zS14E8.tmp\winvnc.exe

Filesize
269KB

MD5
8ff25e4b8c0a4aec49a005bf1ed2e613

SHA1
ef4093f398118522835baffbeb39745b2df8dcda

SHA256
860777b8000eca16cdd2dd0ef1d26e0d237f784af99cdc44830f894470e53907

SHA512
bce97043bfa01ccedf0901e3beafcf782934d9c2fdb2424cf7081cfc77edb6a65150701d74490d8764a4e8b5e150f03e61388efd99f9099f2bdc921150dd8037

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads