Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
26-06-2024 06:56
Static task
static1
Behavioral task
behavioral1
Sample
1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe
-
Size
82KB
-
MD5
1119e8ce501dac1c72ebd88286f14500
-
SHA1
ce34fa76676bea35a5fb78faf0725b1373f86da7
-
SHA256
2862543b053023f0dcd3b75a7e61f30705d2da01826c67fef66b55cc3b68dd5b
-
SHA512
3b9fb21796d9ed3c6856ae81b4bbaad33384d8fb22a54fba5264ad176dd74aea87c4bdf00612d7f34199755594bf4d66cb24f8fb8fbc937da06e852e91ab9e53
-
SSDEEP
1536:YLQmripssRZ3RM4I12NOheqjbjJ6/ECkagvDarXJCQes//dZ+M+DQzrSY4wprNTN:YeHI12NsF3YE+gLar4Ns//d9+DQzGY4M
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4268 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe -
resource yara_rule behavioral2/files/0x0006000000023298-3.dat upx behavioral2/memory/4268-4-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4268-7-0x0000000000400000-0x0000000000446000-memory.dmp upx -
Program crash 1 IoCs
pid pid_target Process procid_target 948 4268 WerFault.exe 84 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 732 wrote to memory of 4268 732 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe 84 PID 732 wrote to memory of 4268 732 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe 84 PID 732 wrote to memory of 4268 732 1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:732 -
C:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exeC:\Users\Admin\AppData\Local\Temp\1119e8ce501dac1c72ebd88286f14500_JaffaCakes118mgr.exe2⤵
- Executes dropped EXE
PID:4268 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 2683⤵
- Program crash
PID:948
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4268 -ip 42681⤵PID:3300
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
73KB
MD523842802587d1c2570eec734a06cc188
SHA1aecd57ced1f79fa0dcc93076b3254216d08b907f
SHA256aa94699c1420a0a2c0d07a936fe2acc26cdbb410f7bc47552110504e91b4a8d8
SHA51280ebdf18eff5b25e4ce2dccb44d5b55a9e377b5b339da3a253679d0a4eb0e6fb57595aabb979014aa4e3d59f8622d4660df763d79d8a813365eff0538c05b1c7