065e00c9959597d53ec2bb79059aabb8728f2f2b0cd45889b8ac21efe25be97e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
Size

656KB
MD5

1962fe426420a528a79bc15ffb613673
SHA1

ee7e91e23bcd3718417228a898dd0083f441d146
SHA256

065e00c9959597d53ec2bb79059aabb8728f2f2b0cd45889b8ac21efe25be97e
SHA512

d5d8d6fe5379fac68523570089bfe5859f8f69815907d67985db9ca1161193ca3f80d32a988282b2a3340a6faa3ac43f182cc7e7170deaaf0aa96574785ad98d
SSDEEP

12288:qwiNnFYYvncgVhfc8oBDXt8OReHk70O7xZCgEUEuB3s7ext:qtFCYnFoBrOOGFOdwgEUx3s2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2744	carss.exe

Loads dropped DLL 2 IoCs

pid	Process
2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
2744	carss.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\wi259393330nd.temp	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\carss.exe	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\carss.exe	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe
2744	carss.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2744	2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe	28
PID 2516 wrote to memory of 2744	2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe	28
PID 2516 wrote to memory of 2744	2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe	28
PID 2516 wrote to memory of 2744	2516	1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1962fe426420a528a79bc15ffb613673_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files\Internet Explorer\carss.exe
  "C:\Program Files\Internet Explorer\carss.exe" C:\WINDOWS\Temp\hx107.tmp CodeMain
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\Temp\hx107.tmp

Filesize
20.2MB

MD5
8c54b3bf361918296ce013fab81ac9f7

SHA1
112558ff3249adf992493cd5fc0ec1433dc3fc72

SHA256
3e91935a8d24594d234bffc10791b73ef0d7771976c6a0d3995a8bae05ba5759

SHA512
b4035d6509ec7edda341a8b3cb34c476dc5960b742b13e7cba6c17a38a68a0b08b274d51c00a7c7a0c2f31dc84475f10a51230121535a6a04b9cc037a4580b79

Download Submit
\Program Files\Internet Explorer\carss.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/2516-0-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-1-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-2-0x0000000000401000-0x0000000000404000-memory.dmp

Filesize
12KB

Download
memory/2516-14-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-15-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-16-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-17-0x0000000000401000-0x0000000000404000-memory.dmp

Filesize
12KB

Download
memory/2516-18-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/2516-20-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download