4a408a2e04873171627e27a9a20104897532a89047a9270e74f1f093a58d96dc

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0533b69d741773439f14d7808e58c559_JaffaCakes118.exe
Size

685KB
MD5

0533b69d741773439f14d7808e58c559
SHA1

0e18afa8cb2f24798fdb1651d71d19b42d40e744
SHA256

4a408a2e04873171627e27a9a20104897532a89047a9270e74f1f093a58d96dc
SHA512

c83c4449b8bca37804b0ff4b4c9b4cfb0b41c9283d378ab425e3ce1144821f82c8421525df32eb525a80ecb2b3f95ef46016bf76e6870d4275e44ebcd4266159
SSDEEP

12288:YQBB+PpV8eiQIHprnZb27VNLpHGgmzkF3Z4mxxGtBfuTGKExGRZSon:YRviNHFnZyR3Hk4QmXimTkID

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2564	1433.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	0533b69d741773439f14d7808e58c559_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2564	2008	0533b69d741773439f14d7808e58c559_JaffaCakes118.exe	81
PID 2008 wrote to memory of 2564	2008	0533b69d741773439f14d7808e58c559_JaffaCakes118.exe	81
PID 2008 wrote to memory of 2564	2008	0533b69d741773439f14d7808e58c559_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\0533b69d741773439f14d7808e58c559_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0533b69d741773439f14d7808e58c559_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1433.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1433.exe
  2⤵
  - Executes dropped EXE
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1433.exe

Filesize
743KB

MD5
b16487f2584769da1fb7c3f210fb67b2

SHA1
95b5636d918db5d6ba2afea0faeb1ace661fa330

SHA256
f55dc032720027c7a18e346471b01294f145ec8935a62dc9902d8548ad2eb42d

SHA512
2201fc766ca8ac3b689377c15373e3fc3dae98b6ca0d14bfd7a1e2e68f964361c9495f5f8b8afe283f8be9f44e0ea189e07328677ad26ba39d6e008afbbdf2d5

Download Submit
memory/2008-0-0x0000000001000000-0x0000000001110000-memory.dmp

Filesize
1.1MB

Download
memory/2008-1-0x0000000000690000-0x00000000006E4000-memory.dmp

Filesize
336KB

Download
memory/2008-2-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/2008-85-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-84-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-83-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-82-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-81-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-80-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-79-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-78-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-77-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-76-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-75-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-74-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-73-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-72-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-71-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-70-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-69-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-68-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-67-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-66-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-65-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-94-0x0000000000690000-0x00000000006E4000-memory.dmp

Filesize
336KB

Download
memory/2008-93-0x0000000001000000-0x0000000001110000-memory.dmp

Filesize
1.1MB

Download
memory/2008-64-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-63-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-62-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-61-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-60-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-59-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-58-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-57-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-56-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-55-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-54-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-53-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-52-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-51-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-50-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-49-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-48-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-47-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/2008-46-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/2008-45-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

Filesize
4KB

Download
memory/2008-44-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/2008-43-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2008-42-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-41-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/2008-40-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/2008-39-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2008-38-0x0000000000C60000-0x0000000000C61000-memory.dmp

Filesize
4KB

Download
memory/2008-37-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2008-36-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/2008-35-0x0000000000C70000-0x0000000000C71000-memory.dmp

Filesize
4KB

Download
memory/2008-34-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/2008-33-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/2008-32-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-31-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-30-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-29-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/2008-28-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-27-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-26-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-25-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-24-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-23-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-22-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-21-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-20-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-19-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-18-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-17-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-16-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-15-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/2008-14-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-13-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-12-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-11-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-10-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-9-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/2008-8-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download
memory/2008-7-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

Filesize
4KB

Download
memory/2008-6-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2008-5-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2008-4-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/2008-3-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads