0a9bc415a123f9d82021fcd435d9083911a3de11a41de07448e83edb55cc1ae6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 11:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
Size

394KB
MD5

19e38be7e9c5b42797e677d2378792c6
SHA1

7fcc25d8a3e06841ca9bced29fc077f78e117350
SHA256

0a9bc415a123f9d82021fcd435d9083911a3de11a41de07448e83edb55cc1ae6
SHA512

1f37ff4f503a914c26aa0a5ef3b2ec9e0178de14bf7eea9036c9dff7a0c17ea557428ed804b9561ebfb8d29e25f98ee41640430cb8bb19e1f65bd43b56c8e91a
SSDEEP

6144:BHwhVh7xJYe8RbOVPw/RoMzzk8fV18KgnY4RTPqAQS9PbC4d:BHwhDZMOhonE8tDgnY4kAF9Pe4d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2912 set thread context of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2472	2912	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
  2⤵
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
memory/2472-79-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2472-81-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2912-22-0x0000000000240000-0x000000000024F000-memory.dmp

Filesize
60KB

Download
memory/2912-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2912-32-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-40-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-48-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-54-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-66-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-78-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2912-15-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2912-13-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads