Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 04:52
Static task
static1
Behavioral task
behavioral1
Sample
9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe
-
Size
5.5MB
-
MD5
9096cdb646048480919a4197cd91b8ad
-
SHA1
1e2915f52f3c070c0b3e4e4c4e40870190d9f504
-
SHA256
f62941697cff5603382d69f2b3ab76cccf4df6e65b36425f37efe14929b6e218
-
SHA512
fb1f7502721ecc0da4266ab6d4f4e5cdc51408fc859be0ac350a7b3188caa9187c6b27e6917afed74b6d0a2791996e3379d0c79ff8972919442dc1d873d35661
-
SSDEEP
98304:bXlqRe3iMtVKvdKUHgTlgnQTaRp38sY+qCpRt01qwh+sEC0Uj38rg2sdTG7AZr/M:bXlbiNd0ISg3pYNqafhR0a3oUTG8k8u
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1660 wrote to memory of 1980 | 1660 | 9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe | 29
PID 1660 wrote to memory of 1980 | 1660 | 9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe | 29
PID 1660 wrote to memory of 1980 | 1660 | 9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe | 29
PID 1660 wrote to memory of 1980 | 1660 | 9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe | 29
PID 1980 wrote to memory of 2496 | 1980 | cmd.exe | 30
PID 1980 wrote to memory of 2496 | 1980 | cmd.exe | 30
PID 1980 wrote to memory of 2496 | 1980 | cmd.exe | 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Windows\system32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C7F.tmp\C80.tmp\C81.bat C:\Users\Admin\AppData\Local\Temp\9096cdb646048480919a4197cd91b8ad_JaffaCakes118.exe" 2⤵
- Suspicious use of WriteProcessMemory
PID:1980 -
C:\Windows\system32\mode.com MODE CON:COLS=50 LINES=20 3⤵ PID:2496
-
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
4KB
MD5 51a2efdee76d1c9ef26ebe2b134027bf
SHA1 c99550ddef26f188327625940a47b3ac1168589d
SHA256 16406b3baf09a30ec080e469a4c7edf6909c0182df4945b6c8845937ed754f65
SHA512 3c0e55c45834fb730d6d21e88a3b0dc0bdcd094e9c2be631bd5e89ccfc44fa9a89ef6c052c1c007506965c53bd04b55702d2e1831cde918774b267177618018c