Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/06/2024, 15:01
Behavioral task: behavioral1
Sample: 1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
Size: 11.7MB
MD5: 1263d2b17af917e0cafc16054004eac3
SHA1: 1fdbdebb1fa92102fd8abc2648030a0027cbcef3
SHA256: 588648051c60c353b5541b78d13a94a09802d3d332cf5aaf57b4aaf5c02559fa
SHA512: a54ee8a30ad306c0aea963ed09a4598100b3803af7fa09e011b65e255ca8e6cf1b3a1f7796c50c5461b890502c2e101bb6b11174612497c51549169c0aa46ac1
SSDEEP: 196608:a+eIunHm269onJ5hrZERdW3q+09iq2pPeAyiU8AdZYJERBrTWjnDNhdHqb6R6A:VunG269c5hlERblh2pvAdZYyDrynDNp
Malware Config
Signatures
Loads dropped DLL (17 IoCs)
pid   Process
4848  1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
(the same pid/process row is reported once for each of the 17 dropped DLLs loaded)

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 1 IoC)
flow  ioc
6     2.tcp.ngrok.io

Suspicious use of WriteProcessMemory (2 IoCs)
description                        pid   Process                                             procid_target
PID 4468 wrote to memory of 4848   4468  1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe  82
PID 4468 wrote to memory of 4848   4468  1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe  82
Processes
1. C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe"
   PID: 4468
   Signature: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe (child of process 1)
      Command line: "C:\Users\Admin\AppData\Local\Temp\1263d2b17af917e0cafc16054004eac3_JaffaCakes118.exe"
      PID: 4848
      Signature: Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 99KB
MD5: 8697c106593e93c11adc34faa483c4a0
SHA1: cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256: ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512: 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Filesize: 83KB
MD5: 6c7565c1efffe44cb0616f5b34faa628
SHA1: 88dd24807da6b6918945201c74467ca75e155b99
SHA256: fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
SHA512: 822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22

Filesize: 178KB
MD5: f5bf6a2926c1106cc6b72dca1157e04f
SHA1: 58875e55b42def38bb748c5f70cd37ae93d44ef2
SHA256: 3d3aeb22fd97a8bd2fee53412ce43466c76f22a1fd918b769ab6a58bf859d5a2
SHA512: 95610daabc3c150f606184feb66459e30a3a0b509a7adf40806601d83e821c5d5f5afc2af8d0eb1cad92cabf6d3aff21c9a35094fba1cfa8faed5293a8f2c986

Filesize: 122KB
MD5: 29da9b022c16da461392795951ce32d9
SHA1: 0e514a8f88395b50e797d481cbbed2b4ae490c19
SHA256: 3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372
SHA512: 5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

Filesize: 157KB
MD5: b5355dd319fb3c122bb7bf4598ad7570
SHA1: d7688576eceadc584388a179eed3155716c26ef5
SHA256: b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5
SHA512: 0e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5

Filesize: 27KB
MD5: 4ab2ceb88276eba7e41628387eacb41e
SHA1: 58f7963ba11e1d3942414ef6dab3300a33c8a2bd
SHA256: d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839
SHA512: b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888

Filesize: 77KB
MD5: f5dd9c5922a362321978c197d3713046
SHA1: 4fbc2d3e15f8bb21ecc1bf492f451475204426cd
SHA256: 4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
SHA512: ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

Filesize: 767KB
MD5: b885535007f6a62ce17401e6d6605121
SHA1: 2eff535379685dd3889ee75c88952b5882fb346e
SHA256: 57272e17d4d092b5777e6fec87d792c45a2affaa791e8676b064d793d580d5f3
SHA512: c227cc8f131b01ac6dce1b3bfd01a56e24ea8ac4dd38a1da3619d92bd9b24d100f5e8812c6d5cbfe5beaf28b425147ef16bf150ae8a01ddc710a49f81d376718

Filesize: 13KB
MD5: 6367c1887237fec67b88bb37b90ac8b2
SHA1: cdcdfaa67d69636082a4eafdc2cc3346fe3c6267
SHA256: 28a496d00b1f388558b56defa8ebb3db629f01a6ef669782754a7a96cb5a2980
SHA512: 199dd521daae09c0ceb69dd7b58487294f173b017fcadf5d6121736cc45ee61579fe2f4fbd99c40e3428be55f53846e13bc2622ed61bf35d5d9ca1fd26f29ca0

Filesize: 32KB
MD5: eef7981412be8ea459064d3090f4b3aa
SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Filesize: 57KB
MD5: 3c88de1ebd52e9fcb46dc44d8a123579
SHA1: 7d48519d2a19cac871277d9b63a3ea094fbbb3d9
SHA256: 2b22b6d576118c5ae98f13b75b4ace47ab0c1f4cd3ff098c6aee23a8a99b9a8c
SHA512: 1e55c9f7ac5acf3f7262fa2f3c509ee0875520bb05d65cd68b90671ac70e8c99bce99433b02055c07825285004d4c5915744f17eccfac9b25e0f7cd1bee9e6d3

Filesize: 4.3MB
MD5: 11c051f93c922d6b6b4829772f27a5be
SHA1: 42fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA256: 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA512: 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Filesize: 543KB
MD5: 778867d6c0fff726a86dc079e08c4449
SHA1: 45f9b20f4bf27fc3df9fa0d891ca6d37da4add84
SHA256: 5dfd4ad6ed4cee8f9eda2e39fe4da2843630089549c47c7adda8a3c74662698a
SHA512: 5865cb730aa90c9ac95702396e5c9f32a80ff3a7720e16d64010583387b6dbd76d30426f77ab96ecb0e79d62262e211a4d08eae28109cd21846d51ed4256b8ea

Filesize: 137KB
MD5: 72511a9c3a320bcdbeff9bedcf21450f
SHA1: 7a7af481fecbaf144ae67127e334b88f1a2c1562
SHA256: c06a570b160d5fd8030b8c7ccba64ce8a18413cb4f11be11982756aa4a2b6a80
SHA512: 0d1682bb2637834bd8cf1909ca8dbeff0ea0da39687a97b5ef3d699210dc536d5a49a4f5ff9097cabd8eb65d8694e02572ff0fdabd8b186a3c45cd66f23df868

Filesize: 26KB
MD5: 7a442bbcc4b7aa02c762321f39487ba9
SHA1: 0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
SHA256: 1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
SHA512: 3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

Filesize: 1.1MB
MD5: 8320c54418d77eba5d4553a5d6ec27f9
SHA1: e5123cf166229aebb076b469459856a56fb16d7f
SHA256: 7e719ba47919b668acc62008079c586133966ed8b39fec18e312a773cb89edae
SHA512: b9e6cdcb37d26ff9c573381bda30fa4cf1730361025cd502b67288c55744962bdd0a99790cedd4a48feef3139e3903265ab112ec545cb1154eaa2a91201f6b34

Filesize: 131KB
MD5: 99a3fc100cd43ad8d4bf9a2975a2192f
SHA1: cf37b7e17e51e7823b82b77c88145312df5b78cc
SHA256: 1665ad12ad7cbf44ae63a622e8b97b5fd2ed0a092dfc5db8f09a9b6fdc2d57e7
SHA512: c0a60d5333925ce306ceb2eb38e13c6bae60d2663d70c37ecfc81b7346d12d9346550cb229d7c4f58d04dd182536d799e6eff77996d712fc177b1f5af7f4a4f2

Filesize: 26KB
MD5: 9075789a18d8840a5c440e0226be7405
SHA1: 60c04fc2f6f82328c552b0460e3567c91554ee2c
SHA256: bf12821fec798cfde4010551e3be4f9aa07d7facb1253c32357bbfa43ed80d8d
SHA512: 24ef97ac9d3b25db16dd3eaa185edc58a43e75dd729c31615c0fa7aa09cc05c61d93297a343f35b24548eb3b0631fb79201c0ea8f36503b5994ad1cdbcf9319c