ca8c4dc7ebba2a891de035f4c45d9754b1b144f590d7bc5c6535035b0c07c22a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 03:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe
Size

688KB
MD5

1493249bee099a356ce2bd7f761e8606
SHA1

5e52be5c9e1930a95b893bfeff681b0dd41b82fa
SHA256

ca8c4dc7ebba2a891de035f4c45d9754b1b144f590d7bc5c6535035b0c07c22a
SHA512

6cc7e06a0316d33d5176c320b6306aad829ea8367b9cd2c9f3cb10b4d088391c6de3d5da716fa94ea5e82b258bff7843d844fce3dad6fe48a7101f3083087883
SSDEEP

12288:Cn3NTTloFoycVCm2AxqAVM4ZBoKgXOEpjZV1JkL+ERXXYNeOQKy81B4SV:m3NTquFVQA0Af3g+EpZVrklRHKetK91n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3596	jp2lt.exe

Loads dropped DLL 1 IoCs

pid	Process
3596	jp2lt.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3596	jp2lt.exe
3596	jp2lt.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3596	2600	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	81
PID 2600 wrote to memory of 3596	2600	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	81
PID 2600 wrote to memory of 3596	2600	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	81
PID 2600 wrote to memory of 3596	2600	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	81
PID 2600 wrote to memory of 3596	2600	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\jp2lt.exe" -litename "1493249bee099a356ce2bd7f761e8606_JaffaCakes118"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\Default.spk

Filesize
109KB

MD5
d234d4e66c8df098a5dc3934cc0cc71b

SHA1
3bfcca74cf4ce1d30c900a2a46a8be49a8e48911

SHA256
e8d03fa7ae11afcdd020e17141438605c3f7e4cb855ad82c744416917e0b0fae

SHA512
d78504f360752ab2cc29ffce796566e1b607f65f98f147862df3908a0bf2287198650cdb665c6c3e3559e0f659370af9b4cc5df81e63dd845ee0235b7bb7dd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\Jp2lt.exe

Filesize
733KB

MD5
b05c9d19de9acf53b551882b1f6ace9b

SHA1
a01c58d0fc306ee3fe5ae638d5fc0475478a7e82

SHA256
9565c0dfa6408edc3c8d0e5952446f72e405d71df2a4ba45c0b99c9a6bcb6700

SHA512
54f0cf6886f8bf86520b06efc3a70f702dfd3fb04361f3c39705db7354285ccd8ae637d3aa2b6b5ec875a944ff0c7d24028621453afee9f408e2536e1db77cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\Media.dll

Filesize
173KB

MD5
b29cde18fae164f672e8bfcea5de37c7

SHA1
e1439a0a64d98ed038dc2999c881238c38917404

SHA256
09cf4b6bec3a1891b60156aef51fef4c831b3c37db6cea8381bb1c60128c81fa

SHA512
6548ea2759c565abc2093315899aaf87724daebba1949b778e9ab6507db835b1def5068dee2c20f6da5228989d025349138cef3bf7084f33ad146a1e11f6c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\Puzzles\aggressivedogbehavior.pzl

Filesize
13KB

MD5
89a98b51a3c6a1cc86d368e993fda9d0

SHA1
9e283075bcf86f47bba8855a33a527090a168f4a

SHA256
8f0495579e4e9c303ba2d5c5bbe407cbab39a2991d6ce5efe769fac81dfa860e

SHA512
a1f563496f0e41d49909fb77afa0bd4a29a49c60252423e43e1041afcd3a982d9067ebd66d4c3e60b39439ce321d41d85867ba5090654032d9b74df4d3916ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\english.lng

Filesize
17KB

MD5
5354dba4dab261ecba05b7b3b2ee1d13

SHA1
b227ebace8c2a02e50c5cddbb5589928062a33f1

SHA256
3aa42234872afe5b3861bc4929bcd58146f507c45a338eff3073db534907889a

SHA512
16089a0f4e22107330e96638481f06c9065d0fb70df016b288950185d368b8f72f216e7ac4603159d72a7035ef456c1ae5bba3e555a528a88baa989fb0a4e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\index.ini

Filesize
86B

MD5
487650f34dfdcb49880ecada35ee39f9

SHA1
2c5da552f94c18dd4293bd3561673eac06ac55e7

SHA256
e4f235776b0daa19acc519d9fe42caf4f8b6544a4e6737a146a9cd7a1d0f81e3

SHA512
0efe4800e01130b7663bca0dc384a38bb07c104ea74cfc88727b4b8b67780ff9839a5cfd5fbf81abc1f31ed05a7a0d919478599d873a8e33294bcd2521f29d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\log.txt

Filesize
3KB

MD5
93b3bce49e59b3f58f9f51478b576b2a

SHA1
936f52a334ef786b008f56d5b93ad53fba073c24

SHA256
a1ca15e84bfc87fa7ae4e9f858e1345c63e29908f4c1e472ca484991dcb3f8d5

SHA512
34d7c1a67cecf29e72150aa0c79e720d662fb6a14c70fb20144bea7eb5ad206c2de3a16ee139acd6e0af0eb4095c0a3504b72eb0c11392ac618f094da1c3eaf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\log.txt

Filesize
3KB

MD5
f7f4d89afbfe126ae726611c9b4062e9

SHA1
67c21b165856419a032b3a1f687dd53fe6c15edd

SHA256
ab0da726bc6e271e1a0c8e4e614820fd29d42d50c86f010a3525719144c5ed1d

SHA512
b396cf2e49f91167c7e1cbcaa994603fe9ecec41fffc376e6950166d12b53bde0e7b2855c8b6a23f92f1885b4d13582cb82905c37aeb1957de6582a39e005f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\log.txt

Filesize
1KB

MD5
5f5be48ef7798c41470e010aefd03f0d

SHA1
10aa31abf84ec26d24b735cf01b31949bcfe9e1c

SHA256
b0e4411435da8f2a6075de9063b3e9bf774ea00fb9654254cda62f17e2d56789

SHA512
fc467a45706ab9e8078256949963f0d2a8d49879191fabba3bba1ee1d3df89259ee3f2abd7783a06c5ec57139e02c97f3e92e99310bc4e411aab969195cbd8de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll44E8.tmp\log.txt

Filesize
5KB

MD5
dd4be351d49aa35df54e36f95c0da98e

SHA1
b40fffd64e9a7dd089f9e9c71950c4554d770530

SHA256
00cc2be6e799289e5872875773b1569914f599dab186e2aaa0a02b69d6f219ab

SHA512
9b7035dc8ef0569608eede862267a7e68cbc606a83c998f19d5b6104ce47bce76c70d0451c62e18f36d7d91961f23bf91e19d7882ee024545b76c096630852dd

Download Submit