c7e6473c287666b1adb48b0a8b8fc47e073e59d023ee79e287463c1148ecf07f

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 13:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe
Size

391KB
MD5

161a9751f1b788acd1e03aa79e1e52ea
SHA1

b9067b4e7430653034a4917e0cca275f30cc8dec
SHA256

c7e6473c287666b1adb48b0a8b8fc47e073e59d023ee79e287463c1148ecf07f
SHA512

017df4873f7b478ba5189685e42f73419b83b21b167b4db8f5cc6413d735988ca9d7bc021fafad4880a9dea15d80eae5b9393a03fd00bdc75adc093db0b67ef2
SSDEEP

6144:G3DM5k0X1/P5GwK0ofG64WLdsAhrOD9S088A42G98gWNlPTGQQm6agrd+h:G3DwPJK0WGWSwCw8A4SNtTirdW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4748	Windows111.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Delete.bat	161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4748	Windows111.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1548	116	161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe	87
PID 116 wrote to memory of 1548	116	161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe	87
PID 116 wrote to memory of 1548	116	161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\161a9751f1b788acd1e03aa79e1e52ea_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
  2⤵
  PID:1548

C:\Windows111.exe
C:\Windows111.exe
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows111.exe

Filesize
391KB

MD5
161a9751f1b788acd1e03aa79e1e52ea

SHA1
b9067b4e7430653034a4917e0cca275f30cc8dec

SHA256
c7e6473c287666b1adb48b0a8b8fc47e073e59d023ee79e287463c1148ecf07f

SHA512
017df4873f7b478ba5189685e42f73419b83b21b167b4db8f5cc6413d735988ca9d7bc021fafad4880a9dea15d80eae5b9393a03fd00bdc75adc093db0b67ef2

Download Submit
C:\Windows\Delete.bat

Filesize
214B

MD5
d6b64436794a8ac893b934bbf647bc5b

SHA1
09dfe9072407a64943ccacf3a0da8ea0755ab0fa

SHA256
d62908af71367a55a2927da7da5754abc8c05d654b5462fb6642ce90c08bea77

SHA512
c01fe69590af9434a31cb673833419187c1ee414ced09c8fefe3c03242fce4001901e0d4a54efc47835d77bef4b05dd81a7b231e847dd7650e1b41c2f45c9dbc

Download Submit
memory/116-1-0x0000000000A20000-0x0000000000A63000-memory.dmp

Filesize
268KB

Download
memory/116-5-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/116-4-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/116-2-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/116-18-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/116-0-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/116-8-0x0000000002480000-0x0000000002484000-memory.dmp

Filesize
16KB

Download
memory/116-11-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/116-6-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/116-3-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/116-7-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/116-21-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/116-19-0x0000000000A20000-0x0000000000A63000-memory.dmp

Filesize
268KB

Download
memory/4748-15-0x0000000000600000-0x0000000000643000-memory.dmp

Filesize
268KB

Download
memory/4748-20-0x0000000001220000-0x0000000001221000-memory.dmp

Filesize
4KB

Download
memory/4748-14-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/4748-23-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/4748-24-0x0000000000600000-0x0000000000643000-memory.dmp

Filesize
268KB

Download
memory/4748-25-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/4748-27-0x00000000010F0000-0x00000000010F4000-memory.dmp

Filesize
16KB

Download
memory/4748-28-0x0000000001220000-0x0000000001221000-memory.dmp

Filesize
4KB

Download
memory/4748-30-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/4748-34-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/4748-38-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads