Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 27-06-2024 04:43
Behavioral task: behavioral1
Sample: 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe
Size: 10.3MB
MD5: 14b8871a783f6d8d8f335b503e6dc7b2
SHA1: c0e1757cf3510a16edd91c229a3da148a297fc37
SHA256: 3dcf1ef8cd50a04198bc7d8392f1512ae50f0fc8f195b98d25831d695826306b
SHA512: 9e60b6cc4453608cb9f75f056a8abe71539a61d0d9bf632cf03753737318b8c4c07918eefe2ace4da11e86ba96790f490fcc1c1def8f504ac0c2564ccffa01bc
SSDEEP: 196608:Td+GIxLVhQ9onJ5hrZERoyiU8AdZYJERS48RmU/3ZlsPvD2aRLrTOg8CORKRqbZ:UPVVm9c5hlER0AdZYygtN3ZWqahriR
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
Processes:
pid 1636, process 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe (7 identical entries)
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description: PID 2484 wrote to memory of 1636; pid 2484, process 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe, target process 14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe (3 identical entries)
Processes
PID 2484: C:\Users\Admin\AppData\Local\Temp\14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe"
  - Suspicious use of WriteProcessMemory
  PID 1636: C:\Users\Admin\AppData\Local\Temp\14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\14b8871a783f6d8d8f335b503e6dc7b2_JaffaCakes118.exe"
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads