051c6e5e58b4eb47ca05c7f1d79dcb966a8e662de146d5ad39ba72dca7ab3de4

Analysis

max time kernel
142s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe
Size

594KB
MD5

0f5cc78690326a8625edaec5bab83990
SHA1

0f9af8e6bbe2788143a8e6f8eecab5e0815ebfb5
SHA256

051c6e5e58b4eb47ca05c7f1d79dcb966a8e662de146d5ad39ba72dca7ab3de4
SHA512

21998a82110bca21f6938599150be131c97426eecfc0a39ade69115710556ebc21a2916d51287b5546afe8dba3c92e9333998abf701a4d29b352614d46a010bd
SSDEEP

12288:h3tDRxd4SeLP2e5PeDF8HhwvYsF3Z4mxxwqJ0MvIHvTBOG:h9VB85PcCKQmXwNMCNOG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3088	system32.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32.exe	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe
File opened for modification	C:\Windows\system32.exe	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe
File created	C:\Windows\Delete.bat	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3088	system32.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2316	2760	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe	83
PID 2760 wrote to memory of 2316	2760	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe	83
PID 2760 wrote to memory of 2316	2760	0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe	83
PID 3088 wrote to memory of 1324	3088	system32.exe	82
PID 3088 wrote to memory of 1324	3088	system32.exe	82

C:\Users\Admin\AppData\Local\Temp\0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f5cc78690326a8625edaec5bab83990_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
  2⤵
  PID:2316

C:\Windows\system32.exe
C:\Windows\system32.exe
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.bat

Filesize
214B

MD5
a441fb056609cd6b3d8c33f50b6a4b66

SHA1
9d81d371fa0ea3c81496efe3682e3c36f43ab679

SHA256
8e50596e6de878adbd5578f197bd47435a3bc12c56222f2ec19f6dc3606970e7

SHA512
6c4622b2ac35cd48eb0b13db401caad8716a5de9599209a04d9c9e1c1c3109d883697640c783100c6887b65f16860eedfdc5d7625d9b3320c10c255c50a26865

Download Submit
C:\Windows\system32.exe

Filesize
594KB

MD5
0f5cc78690326a8625edaec5bab83990

SHA1
0f9af8e6bbe2788143a8e6f8eecab5e0815ebfb5

SHA256
051c6e5e58b4eb47ca05c7f1d79dcb966a8e662de146d5ad39ba72dca7ab3de4

SHA512
21998a82110bca21f6938599150be131c97426eecfc0a39ade69115710556ebc21a2916d51287b5546afe8dba3c92e9333998abf701a4d29b352614d46a010bd

Download Submit
memory/2760-0-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/2760-1-0x00000000021B0000-0x0000000002204000-memory.dmp

Filesize
336KB

Download
memory/2760-33-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-86-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-85-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-84-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-83-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-82-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-81-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-80-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-79-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-78-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-77-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-76-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-75-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-88-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/2760-87-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2760-74-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-73-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-72-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-71-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-70-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-69-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-68-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-67-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-66-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-65-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-64-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-63-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-62-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-61-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-60-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-59-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-58-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-57-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-56-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-55-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-54-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-53-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-52-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-51-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-50-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2760-49-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2760-48-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2760-47-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2760-46-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2760-45-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-44-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2760-43-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2760-42-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/2760-41-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/2760-40-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2760-39-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2760-38-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2760-37-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2760-36-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2760-35-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-34-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-32-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2760-31-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-30-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-29-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-27-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-26-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-25-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-24-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-23-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-22-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-21-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-20-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-19-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-17-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-16-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-13-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-12-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-11-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-10-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-9-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-8-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2760-7-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2760-6-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2760-4-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2760-3-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2760-2-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/2760-28-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-18-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-15-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/2760-14-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2760-5-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2760-97-0x00000000021B0000-0x0000000002204000-memory.dmp

Filesize
336KB

Download
memory/2760-96-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/3088-99-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/3088-100-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads