021f93eedff25b238cfaf1a46d0c14c4c3f1a6a900e496607e60427bce0a564e

Analysis

max time kernel
137s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe
Size

651KB
MD5

06254051a87de6f56d56e540c317cb8d
SHA1

175de6a4f210e192974866501de60098cd06e9cf
SHA256

021f93eedff25b238cfaf1a46d0c14c4c3f1a6a900e496607e60427bce0a564e
SHA512

8b6e7b014865ad0947524bdcde209e400a254bb7f9dda8577edf6832bcc140a56cc45a692b4cdcd0621b30b8ac5087472df504139e8858a8ce4a77577e558309
SSDEEP

12288:0D2FLluEmXVIeM1Tr+od+KF3Z4mxx20MHoTAFbcPK:0DPEQaF15+KQmX2K/P

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3424	guocyok88.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\guocyok88.exe	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe
File opened for modification	C:\Windows\guocyok88.exe	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe
File created	C:\Windows\Delete.BAT	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1404	2508	WerFault.exe	82
4784	3424	WerFault.exe	92
1360	3424	WerFault.exe	92
432	2508	WerFault.exe	82
3388	3424	WerFault.exe	92
3800	3424	WerFault.exe	92

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 4408	2508	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe	96
PID 2508 wrote to memory of 4408	2508	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe	96
PID 2508 wrote to memory of 4408	2508	06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe	96
PID 3424 wrote to memory of 5104	3424	guocyok88.exe	103
PID 3424 wrote to memory of 5104	3424	guocyok88.exe	103

C:\Users\Admin\AppData\Local\Temp\06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06254051a87de6f56d56e540c317cb8d_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 516
  2⤵
  - Program crash
  PID:1404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Delete.BAT
  2⤵
  PID:4408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 136
  2⤵
  - Program crash
  PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2508 -ip 2508
1⤵
PID:1012

C:\Windows\guocyok88.exe
C:\Windows\guocyok88.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 528
  2⤵
  - Program crash
  PID:4784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 636
  2⤵
  - Program crash
  PID:1360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 656
  2⤵
  - Program crash
  PID:3388
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:5104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 676
  2⤵
  - Program crash
  PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3424 -ip 3424
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3424 -ip 3424
1⤵
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2508 -ip 2508
1⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3424 -ip 3424
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3424 -ip 3424
1⤵
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.BAT

Filesize
214B

MD5
51613b9b6b45bd7aa11258c939a0b4a3

SHA1
72e4a37cb2e293f7851fb0cae2686c971cd80d07

SHA256
bd86fb80beb259103272a2374ec6b67dcb18fc279b67768d254712174304a6dd

SHA512
7f43fc456df1946bdfa286d89725fbb68920f7539aaeafd8cf4ec8df00e695c1ac32a8bd7093d8be49031facb0788a562a11a267a376877d5402f763dd5cfd3d

Download Submit
C:\Windows\guocyok88.exe

Filesize
651KB

MD5
06254051a87de6f56d56e540c317cb8d

SHA1
175de6a4f210e192974866501de60098cd06e9cf

SHA256
021f93eedff25b238cfaf1a46d0c14c4c3f1a6a900e496607e60427bce0a564e

SHA512
8b6e7b014865ad0947524bdcde209e400a254bb7f9dda8577edf6832bcc140a56cc45a692b4cdcd0621b30b8ac5087472df504139e8858a8ce4a77577e558309

Download Submit
memory/2508-0-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2508-1-0x00000000022F0000-0x0000000002344000-memory.dmp

Filesize
336KB

Download
memory/2508-2-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2508-15-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-44-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/2508-43-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2508-42-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2508-41-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/2508-40-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2508-39-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-38-0x00000000034C0000-0x00000000034C6000-memory.dmp

Filesize
24KB

Download
memory/2508-37-0x00000000034D0000-0x00000000034D3000-memory.dmp

Filesize
12KB

Download
memory/2508-36-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-35-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-34-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-33-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-32-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-31-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-30-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-29-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-28-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-27-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-26-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-25-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-24-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-23-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-22-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-21-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2508-20-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/2508-19-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-18-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-17-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-16-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-14-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-13-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-12-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-11-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2508-10-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2508-9-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2508-8-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2508-7-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2508-6-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2508-5-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2508-4-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2508-3-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2508-47-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/2508-54-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2508-55-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/2508-56-0x00000000022F0000-0x0000000002344000-memory.dmp

Filesize
336KB

Download
memory/3424-50-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3424-51-0x0000000000E90000-0x0000000000EE4000-memory.dmp

Filesize
336KB

Download
memory/3424-58-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3424-59-0x0000000000E90000-0x0000000000EE4000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads