604e3701ee9c12ccc9fe6addee3f778fe418ce7e1ff55e47b8d1838b4ff11384

Analysis

max time kernel
142s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe
Size

2.7MB
MD5

9847b8fb6f07a309481040d71bf50a2e
SHA1

4b6b2b87bd874834c7ab1fcb4ba27fc43588ed73
SHA256

604e3701ee9c12ccc9fe6addee3f778fe418ce7e1ff55e47b8d1838b4ff11384
SHA512

ff0d35cbcca0bf5f99d7d7cf5f4786b0b230e1cf86166b8d0c06e35cc12486af889f540a05b41e21a83f245a3c451da0758445f3355195d5aea6bb8934b5340e
SSDEEP

49152:d75tM5lcmO+X5w47RNqpCT0gD3QmOvlQEtm6E6Fmh1tzpjBMq4+awoV/V:F5zD+X5xNQC0jDvlgUFYh3dpro9V

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1856	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp

Loads dropped DLL 3 IoCs

pid	Process
1856	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp
1856	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp
1856	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1856	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 1856	3556	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe	90
PID 3556 wrote to memory of 1856	3556	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe	90
PID 3556 wrote to memory of 1856	3556	9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Users\Admin\AppData\Local\Temp\is-NKHET.tmp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NKHET.tmp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp" /SL5="$701E8,2429047,350720,C:\Users\Admin\AppData\Local\Temp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4332,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3128 /prefetch:8
1⤵
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4FM25.tmp\Vista.cjstyles

Filesize
728KB

MD5
04915d39840c9406d1e9347c0eafd7b7

SHA1
435056f42e1e18e187d4abbb6d755c1a4f309f6d

SHA256
cc26d305824288a1c43c1c35cf8f456c5b19effaa39475f5179d372c4a06eef5

SHA512
677476971f40c8f4cc8bd67a9929e21d93802c376ab67670f5a4e9760339796cf872644920d26118631c44857ac254aaf62b0d3fbc7d04ddd30cb04d99f80185

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4FM25.tmp\isskin.dll

Filesize
385KB

MD5
92c2e247392e0e02261dea67e1bb1a5e

SHA1
db72fed8771364bf8039b2bc83ed01dda2908554

SHA256
25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

SHA512
e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NKHET.tmp\9847b8fb6f07a309481040d71bf50a2e_JaffaCakes118.tmp

Filesize
995KB

MD5
4858e3c422bd942631d1b9a911fe4177

SHA1
8fd3e1773b3a8b0e280fdb1a0cbb5edcc72566af

SHA256
016e89879ca116f4cf1c6c1bb3423a3e14b63e79de1d433926693a76ae397898

SHA512
683c04faa7e1956d3391d012b28d4ea079c040b4e1a8742ab12d1746695d3d55f2c18257e113706c9aa017d8606d6326a5dc3bfa672238093f6234a2cb5e3160

Download Submit
memory/1856-6-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1856-33-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-46-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-62-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-77-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-76-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-75-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-74-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-73-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-72-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-71-0x0000000074AF0000-0x0000000074B64000-memory.dmp

Filesize
464KB

Download
memory/1856-70-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-69-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-68-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-67-0x00000000760A0000-0x0000000076183000-memory.dmp

Filesize
908KB

Download
memory/1856-66-0x00000000764E0000-0x00000000765BC000-memory.dmp

Filesize
880KB

Download
memory/1856-65-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-64-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-63-0x0000000074AF0000-0x0000000074B64000-memory.dmp

Filesize
464KB

Download
memory/1856-61-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-59-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-58-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-57-0x0000000074AF0000-0x0000000074B64000-memory.dmp

Filesize
464KB

Download
memory/1856-56-0x0000000075FC0000-0x0000000075FE5000-memory.dmp

Filesize
148KB

Download
memory/1856-55-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-54-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-53-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-52-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-51-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-50-0x0000000074AF0000-0x0000000074B64000-memory.dmp

Filesize
464KB

Download
memory/1856-49-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-48-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-47-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-60-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-40-0x00000000760A0000-0x0000000076183000-memory.dmp

Filesize
908KB

Download
memory/1856-39-0x00000000764E0000-0x00000000765BC000-memory.dmp

Filesize
880KB

Download
memory/1856-38-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-37-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-45-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-44-0x0000000074AF0000-0x0000000074B64000-memory.dmp

Filesize
464KB

Download
memory/1856-43-0x0000000074B70000-0x0000000074D80000-memory.dmp

Filesize
2.1MB

Download
memory/1856-42-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-41-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-36-0x0000000075D70000-0x0000000075E1F000-memory.dmp

Filesize
700KB

Download
memory/1856-35-0x0000000075450000-0x0000000075A03000-memory.dmp

Filesize
5.7MB

Download
memory/1856-34-0x00000000760A0000-0x0000000076183000-memory.dmp

Filesize
908KB

Download
memory/1856-32-0x0000000073C10000-0x0000000073D34000-memory.dmp

Filesize
1.1MB

Download
memory/1856-31-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-29-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-28-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-27-0x0000000073DD0000-0x0000000073E00000-memory.dmp

Filesize
192KB

Download
memory/1856-25-0x0000000075EA0000-0x0000000075F1A000-memory.dmp

Filesize
488KB

Download
memory/1856-26-0x0000000075FC0000-0x0000000075FE5000-memory.dmp

Filesize
148KB

Download
memory/1856-24-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-22-0x0000000075EA0000-0x0000000075F1A000-memory.dmp

Filesize
488KB

Download
memory/1856-23-0x0000000075FC0000-0x0000000075FE5000-memory.dmp

Filesize
148KB

Download
memory/1856-21-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-30-0x0000000075FC0000-0x0000000075FE5000-memory.dmp

Filesize
148KB

Download
memory/1856-20-0x0000000075EA0000-0x0000000075F1A000-memory.dmp

Filesize
488KB

Download
memory/1856-19-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-16-0x0000000075EA0000-0x0000000075F1A000-memory.dmp

Filesize
488KB

Download
memory/1856-18-0x0000000075EA0000-0x0000000075F1A000-memory.dmp

Filesize
488KB

Download
memory/1856-17-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1856-170-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/3556-0-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/3556-3-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads