db695884c1ebe37258ce280ee863f9274cb5e7a5691c566cb3d50629f5dd4512

Analysis

max time kernel
141s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe
Size

7.3MB
MD5

b436166965c74ecdac8d78afb0f37e9e
SHA1

ada9315e77a7f044e0c58369a0219c3495730f7b
SHA256

db695884c1ebe37258ce280ee863f9274cb5e7a5691c566cb3d50629f5dd4512
SHA512

a8d60e0ec5a59b2086af1ea7310e18d855c48fa3ecab34447f7ee65f9312a033ad86544f1eec6af33c5c6a3fd2e9ec62221f7d0e112d758ffabdf9dc81331c2e
SSDEEP

196608:a6oTw7tLiwqAA5RsOcqXM6xaKWBB6KWA/CzxYB/3dul3KzQ:a3Tgiwqz5RsO3MrpqjA/m00wU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
320	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp

Loads dropped DLL 2 IoCs

pid	Process
320	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp
320	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 320	2068	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe	83
PID 2068 wrote to memory of 320	2068	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe	83
PID 2068 wrote to memory of 320	2068	b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\is-C56FB.tmp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-C56FB.tmp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp" /SL5="$401E6,7098385,189952,C:\Users\Admin\AppData\Local\Temp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-96LFR.tmp\Fusion.dll

Filesize
862KB

MD5
f121825d1dfb8e60a3fa6cec878321ac

SHA1
e9261d192612a826e86bdf196cf3e81ceda140f0

SHA256
c0929911e1ec663028a44cd9d2f9f58ceeb7c6afe793e9ba90682b99448294ed

SHA512
63c1dc54dba793be9f99460cca04bf65260e463e39fd83c78146101b2d5a95d721c46d274d5257bd1e150b6b72d95927786ffd56d0b8230dce599dc350af339c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C56FB.tmp\b436166965c74ecdac8d78afb0f37e9e_JaffaCakes118.tmp

Filesize
1.2MB

MD5
67b4d453f0713174bbb1db2eba8c861a

SHA1
b68459cfcb4a487c3fef02b99c07e8dc22419ae3

SHA256
14f53048003be484f0807ccd1c5f4aed93cec854ebbd6222d792c7a329204b56

SHA512
4c06e434b532f5f5bb9de84bbf402e30027d587124b1a604a77b5d2f3fc589ce8730e2d3c4723eaef07059fb26ed2bf9ba1bed35f4be7007b0fb1971ebe8a7a2

Download Submit
memory/320-6-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/320-12-0x00000000032A0000-0x000000000337C000-memory.dmp

Filesize
880KB

Download
memory/320-15-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/320-16-0x00000000032A0000-0x000000000337C000-memory.dmp

Filesize
880KB

Download
memory/320-22-0x00000000032A0000-0x000000000337C000-memory.dmp

Filesize
880KB

Download
memory/2068-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2068-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2068-14-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads