eebaa8e88cf692a7211ef3e6b69af16534a6f42bcf37a526e9e989e3ba67341c

Analysis

max time kernel
140s
max time network
147s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
Size

361KB
MD5

04d231e558ce6693152aa27529aefaa6
SHA1

854309f5a089a0acc00ac30fc20b13c944d55d09
SHA256

eebaa8e88cf692a7211ef3e6b69af16534a6f42bcf37a526e9e989e3ba67341c
SHA512

98be47a6576e45b78bf23300da075ff5b977053e478cbeaed8e4224e96af2b003782abde19c93a195005197a51c955d37954fac38e3a06e38675efff2ee0d7d7
SSDEEP

6144:+3hcZaHRF2idZecnl20lHRxp3gpFicV4RFxrX4xXNtHKoyCCOlyTiVm2GkyZ3:ShuYF3Z4mxxWic6o9ozQVm2Gku

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2176	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	opin.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\opin.exe	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\opin.exe	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2176	1680	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe	29
PID 1680 wrote to memory of 2176	1680	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe	29
PID 1680 wrote to memory of 2176	1680	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe	29
PID 1680 wrote to memory of 2176	1680	04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04d231e558ce6693152aa27529aefaa6_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\delmeexe.bat
  2⤵
  - Deletes itself
  PID:2176

C:\Windows\SysWOW64\opin.exe
C:\Windows\SysWOW64\opin.exe
1⤵
- Executes dropped EXE
PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delmeexe.bat

Filesize
235B

MD5
a995c2f569fbf84e4d78184babea5a6a

SHA1
cde6cac463ec4d59c21c7c3cf3d9928e9c4913dd

SHA256
bc6dbbd6cbad17293f4c3c73d2f4dcbb9921b08c11f87c75e4d978b487c8a71c

SHA512
05d14bc1b1827509d5d351bb819b407767ca38b6708d9d4c1e103fdaf7154ffcdcc3891fdaa4b9826b6f79a0dcc471127a1b3917d3fbf22a91aeedf786eb5f1e

Download Submit
C:\Windows\SysWOW64\opin.exe

Filesize
361KB

MD5
04d231e558ce6693152aa27529aefaa6

SHA1
854309f5a089a0acc00ac30fc20b13c944d55d09

SHA256
eebaa8e88cf692a7211ef3e6b69af16534a6f42bcf37a526e9e989e3ba67341c

SHA512
98be47a6576e45b78bf23300da075ff5b977053e478cbeaed8e4224e96af2b003782abde19c93a195005197a51c955d37954fac38e3a06e38675efff2ee0d7d7

Download Submit
memory/1680-34-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-16-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-18-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-37-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-36-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-35-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-50-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/1680-46-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-45-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-44-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-43-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-42-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-41-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-40-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-39-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1680-53-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/1680-33-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-54-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/1680-32-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-31-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-30-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-29-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-28-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-27-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-26-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-25-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-24-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-22-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-21-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-20-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-19-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-38-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-23-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1680-9-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/1680-15-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-14-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-13-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-12-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-11-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-10-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/1680-17-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1680-8-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/1680-7-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/1680-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1680-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1680-4-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/1680-2-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/1680-3-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1680-69-0x0000000000300000-0x0000000000354000-memory.dmp

Filesize
336KB

Download
memory/1680-1-0x0000000000300000-0x0000000000354000-memory.dmp

Filesize
336KB

Download
memory/1680-68-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-80-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-83-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-72-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-73-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-74-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-56-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-78-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-77-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-71-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-76-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-81-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-82-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-75-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2788-84-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads