60c295e35ec0294bcbf40410ea7681be49f5f443f950a3b31a002020429419ba

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe
Size

351KB
MD5

0fc01af8e29b95db1e741ea48fde46a8
SHA1

3e456072447163678d41861b40f63d0ac14fcb35
SHA256

60c295e35ec0294bcbf40410ea7681be49f5f443f950a3b31a002020429419ba
SHA512

00da5bc6c5a52742b80e28fac96cbd65c8c90f093131e29d0143d5ed74e53906b9f574b94491a1cf27bcf0b350e5f2f63f2771113c169aad8a62689525bf8a2b
SSDEEP

6144:ZXDHBOgzF2idZecnl20lHRxp3g8FcHa5EGUalE0WnERq8xwnZ3IsM6wq:FDHB5xF3Z4mxxsHa5EGUeEJER1gBIsMQ

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	ºÚµ°µ°.exe

Loads dropped DLL 2 IoCs

pid	Process
2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe
2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2004	2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2004	2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2004	2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe	28
PID 2280 wrote to memory of 2004	2280	0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fc01af8e29b95db1e741ea48fde46a8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ºÚµ°µ°.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ºÚµ°µ°.exe
  2⤵
  - Executes dropped EXE
  PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ºÚµ°µ°.exe

Filesize
4KB

MD5
1957bef6c226652737dc1c8564138533

SHA1
75fc7345ea7c6bb7410d325881985db931667d56

SHA256
71ce4fde1249ebdbaf620fb4e1ef15675a655de53a9f1fb8fe3c896e43b26fa8

SHA512
5eed613de95ba46dbac5d4ba983acbbbaeb623a70db7386353e921d2fcf18e4e3913194d8fb16050f7dbc5551b4765663bda5becacc2c0bf09d65faecccc807f

Download Submit
memory/2004-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2280-0-0x0000000001000000-0x000000000106D000-memory.dmp

Filesize
436KB

Download
memory/2280-1-0x00000000006C0000-0x0000000000714000-memory.dmp

Filesize
336KB

Download
memory/2280-2-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2280-9-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-8-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2280-7-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/2280-6-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2280-5-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2280-4-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/2280-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2280-11-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/2280-12-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-10-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-21-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/2280-31-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2280-30-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2280-29-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2280-28-0x0000000000D70000-0x0000000000D71000-memory.dmp

Filesize
4KB

Download
memory/2280-27-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-26-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2280-25-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/2280-24-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

Filesize
4KB

Download
memory/2280-23-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/2280-22-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/2280-50-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-64-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-63-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-62-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-61-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-60-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-59-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-58-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-57-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-56-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-55-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-54-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-53-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-52-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-51-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-49-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-48-0x0000000001000000-0x000000000106D000-memory.dmp

Filesize
436KB

Download
memory/2280-47-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-46-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/2280-45-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/2280-44-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-43-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-42-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-41-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-40-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-39-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-38-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-37-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-36-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-35-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-34-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-33-0x0000000000D80000-0x0000000000D81000-memory.dmp

Filesize
4KB

Download
memory/2280-32-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2280-20-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2280-19-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-18-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/2280-17-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-16-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-15-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-14-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-13-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/2280-77-0x0000000001000000-0x000000000106D000-memory.dmp

Filesize
436KB

Download
memory/2280-78-0x00000000006C0000-0x0000000000714000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads