0a9bc415a123f9d82021fcd435d9083911a3de11a41de07448e83edb55cc1ae6

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 11:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
Size

394KB
MD5

19e38be7e9c5b42797e677d2378792c6
SHA1

7fcc25d8a3e06841ca9bced29fc077f78e117350
SHA256

0a9bc415a123f9d82021fcd435d9083911a3de11a41de07448e83edb55cc1ae6
SHA512

1f37ff4f503a914c26aa0a5ef3b2ec9e0178de14bf7eea9036c9dff7a0c17ea557428ed804b9561ebfb8d29e25f98ee41640430cb8bb19e1f65bd43b56c8e91a
SSDEEP

6144:BHwhVh7xJYe8RbOVPw/RoMzzk8fV18KgnY4RTPqAQS9PbC4d:BHwhDZMOhonE8tDgnY4kAF9Pe4d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 644 set thread context of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80
PID 644 wrote to memory of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80
PID 644 wrote to memory of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80
PID 644 wrote to memory of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80
PID 644 wrote to memory of 2168	644	19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe	80

C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:644
- C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\19e38be7e9c5b42797e677d2378792c6_JaffaCakes118.exe
  2⤵
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
memory/644-35-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-19-0x00000000005B0000-0x00000000005BF000-memory.dmp

Filesize
60KB

Download
memory/644-20-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-31-0x00000000005C0000-0x00000000005CF000-memory.dmp

Filesize
60KB

Download
memory/644-47-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/644-51-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-71-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-83-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-95-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-98-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/644-116-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2168-117-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads