451b29eb1751f21b462999f479db87f8b8561694a7727ca062b68bf2a6466a21

Analysis

max time kernel
143s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
Size

5.2MB
MD5

1481afba72a9ef1316c96a5ee9353a7b
SHA1

cac849a430a0b1c6abcad52bb9451de784b21459
SHA256

451b29eb1751f21b462999f479db87f8b8561694a7727ca062b68bf2a6466a21
SHA512

90548d3e183ba2b65de11a4987dec7bdc91d51c3297f6ba74af58eb2398cb69f735f3e61d57084a5e17261c425fb53b6bfe30b4d6d349e294916d8b8a19f43e3
SSDEEP

98304:f3jb2+QanL9QOw3n2L/8Jxcqy1zJy+D3/qxFA2GC5K:f3jbZQnTGj8ov1dyGSxG2H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3744	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Loads dropped DLL 3 IoCs

pid	Process
4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4188 set thread context of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3744	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
3744	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81
PID 4188 wrote to memory of 3744	4188	1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Users\Admin\AppData\Local\Temp\1481afba72a9ef1316c96a5ee9353a7b_JaffaCakes118.exe
  "C:\Program Files (x86)\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\Registry.rw.tvr

Filesize
4KB

MD5
839723b1f76822461334268eaa109716

SHA1
ceac28413feb55284c0654353426311a62b83bd2

SHA256
83e2adde92e06b1f071ca99e2ea4886da12439bde036ecf616aa9a5849fd89e5

SHA512
7123c9e5a4a9d3ab3118c88b5491907b86baf4f03a7e20bb7d88996de30cf714652f0961686bc648cb4d4e8bc1401f276805542c5947644ee93a4213951ea3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\Registry.rw.tvr.lck

Filesize
60B

MD5
18b591ca8385c5c7b964f1cbb98173a3

SHA1
af5dd992e5f17b4af96c8c4d9787dfba36b64feb

SHA256
273bbb8a492aac786dee16402a0d9abed61cb89465b4ab6def130805e1068f22

SHA512
161cb96b0ce9747b08de53e8d3459507cc75ff38eac077aafa3c1152cfaf5b0c8c17d9cd383cb0966d7d709888eebf1ccd5e4dcc23f6f3556263e87ec68d1336

Download Submit
C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\Registry.rw.tvr.transact

Filesize
4KB

MD5
2001a57cbd2d4ab3378a199d0a4d1da1

SHA1
e920bcc774e10af2a155b79ecd760c019b9cc7f9

SHA256
95b2c477b7f18ceef58489cc800d409a50f2e59626fa96180a290952a61d3551

SHA512
ded2ce42bf4c721caf4f9a701c8a24e8745ada1a69d822ea0cc3b462b930aee912bf245d3355782c3701bf1961bb6704733e94e603529622883356d2a4c76ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RemoveIT Pro [7sky.AT.ua & Noby.uCoz.Ru]\SKEL\b4031fcc866fd7731f789d1b3c1e4d9420d097.SharedTA

Filesize
520KB

MD5
c0aaa1183de6c10443ae8f6a21a83546

SHA1
b40031fcc8066fd7731f789d1b3c1e4d9420d097

SHA256
68e51ef0a2ba731cca66e3248bf3238c01dc8d7b34e1da055308bde431166484

SHA512
4f9be6b6d3bd706b32a7580d118d978e022dfb6cdf718d50d55eeec9874669fa40da7de4a296c612018d2848a473ac9f1a358772919639988ee1666021d9e186

Download Submit
memory/3744-57-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-53-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-145-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/3744-100-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3744-80-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-76-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-75-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-70-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-69-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-66-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-65-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-64-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-63-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-62-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-85-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3744-56-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-55-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-144-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3744-52-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-50-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-49-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-48-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-47-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-46-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-44-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-43-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-42-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3744-51-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-102-0x0000000079BF0000-0x0000000079BF8000-memory.dmp

Filesize
32KB

Download
memory/3744-103-0x000000007FF90000-0x000000007FFA0000-memory.dmp

Filesize
64KB

Download
memory/3744-45-0x0000000002140000-0x00000000022B3000-memory.dmp

Filesize
1.4MB

Download
memory/3744-104-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/3744-86-0x0000000075640000-0x0000000075855000-memory.dmp

Filesize
2.1MB

Download
memory/4188-12-0x0000000002510000-0x000000000251C000-memory.dmp

Filesize
48KB

Download
memory/4188-26-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-24-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-23-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-22-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-21-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-20-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-15-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-14-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-13-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-11-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-10-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-18-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-7-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-6-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-3-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-4-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-2-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-34-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-84-0x0000000077260000-0x0000000077400000-memory.dmp

Filesize
1.6MB

Download
memory/4188-27-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-99-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/4188-19-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-8-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-9-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-101-0x00000000042F0000-0x000000000447B000-memory.dmp

Filesize
1.5MB

Download
memory/4188-5-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-98-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/4188-97-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/4188-1-0x0000000001F20000-0x0000000002093000-memory.dmp

Filesize
1.4MB

Download
memory/4188-0-0x0000000079BF0000-0x0000000079BF8000-memory.dmp

Filesize
32KB

Download