451b29eb1751f21b462999f479db87f8b8561694a7727ca062b68bf2a6466a21

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
Size

5.2MB
MD5

1481afba72a9ef1316c96a5ee9353a7b
SHA1

cac849a430a0b1c6abcad52bb9451de784b21459
SHA256

451b29eb1751f21b462999f479db87f8b8561694a7727ca062b68bf2a6466a21
SHA512

90548d3e183ba2b65de11a4987dec7bdc91d51c3297f6ba74af58eb2398cb69f735f3e61d57084a5e17261c425fb53b6bfe30b4d6d349e294916d8b8a19f43e3
SSDEEP

98304:f3jb2+QanL9QOw3n2L/8Jxcqy1zJy+D3/qxFA2GC5K:f3jbZQnTGj8ov1dyGSxG2H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Loads dropped DLL 3 IoCs

pid	Process
2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2464 set thread context of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	1688	WerFault.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 2464 wrote to memory of 1688	2464	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	28
PID 1688 wrote to memory of 3032	1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	29
PID 1688 wrote to memory of 3032	1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	29
PID 1688 wrote to memory of 3032	1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	29
PID 1688 wrote to memory of 3032	1688	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
  "C:\Program Files (x86)\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 580
    3⤵
    - Program crash
    PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\Registry.rw.tvr

Filesize
4KB

MD5
5f75e0bbc669e08251af96ca871ae3e6

SHA1
b3837638f5c1b51d48f41b3222be962b7f2c8ab6

SHA256
27dae74ff4fd6ca386ae54a1a18ac5ef44f2d4ae1bc58caaba24d785ada16ad4

SHA512
e0078bf7f8d05a8c1acbe92004d8942337c8757f24e7723be74f8e3c042e68550818a816e03b0fbcd621d53425a64f5826090c45105c4d51893d844b2f3ae635

Download Submit
C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\Registry.rw.tvr.lck

Filesize
60B

MD5
d895f7f7695f92c26dad88a034adcdae

SHA1
44a2aead3906a4787948883de1db2306abaae333

SHA256
0ef633299455024442308253a012f7723dd0b24ca277f9060ba709fe60623fa1

SHA512
8391ff5cfdc6cf99c91df2cf57508a4748ed4997c1f7ffb355794c889c596f6af238925a70157458d66f47596ff5f5f633f6cf2a2b8ca09c68cc42c12bd45f15

Download Submit
\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\SKEL\b4031fcc866fd7731f789d1b3c1e4d9420d097.SharedTA

Filesize
520KB

MD5
c0aaa1183de6c10443ae8f6a21a83546

SHA1
b40031fcc8066fd7731f789d1b3c1e4d9420d097

SHA256
68e51ef0a2ba731cca66e3248bf3238c01dc8d7b34e1da055308bde431166484

SHA512
4f9be6b6d3bd706b32a7580d118d978e022dfb6cdf718d50d55eeec9874669fa40da7de4a296c612018d2848a473ac9f1a358772919639988ee1666021d9e186

Download Submit
memory/1688-49-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-47-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-266-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/1688-265-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/1688-252-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/1688-242-0x00000000772D0000-0x000000007737C000-memory.dmp

Filesize
688KB

Download
memory/1688-241-0x0000000077750000-0x0000000077797000-memory.dmp

Filesize
284KB

Download
memory/1688-234-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-42-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/1688-44-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-45-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-46-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-68-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-48-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-50-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-51-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-54-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/1688-70-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-60-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-61-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-229-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/1688-230-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-43-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-62-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-57-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-58-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-75-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-79-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-67-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-71-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-74-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/1688-227-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/1688-69-0x0000000001DE0000-0x0000000001F53000-memory.dmp

Filesize
1.4MB

Download
memory/2464-21-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-0-0x0000000079BF0000-0x0000000079BF8000-memory.dmp

Filesize
32KB

Download
memory/2464-9-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-56-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/2464-8-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-36-0x000000007EF90000-0x000000007EFA0000-memory.dmp

Filesize
64KB

Download
memory/2464-33-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-11-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-22-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-55-0x0000000002780000-0x000000000290B000-memory.dmp

Filesize
1.5MB

Download
memory/2464-13-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-53-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2464-52-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2464-14-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-1-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-15-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-12-0x0000000000340000-0x000000000034C000-memory.dmp

Filesize
48KB

Download
memory/2464-7-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-23-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-24-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-27-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-10-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-20-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-238-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-2-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-3-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-251-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2464-250-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2464-4-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-253-0x0000000002780000-0x000000000290B000-memory.dmp

Filesize
1.5MB

Download
memory/2464-5-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download
memory/2464-6-0x0000000001CA0000-0x0000000001E13000-memory.dmp

Filesize
1.4MB

Download