cd3059d040675714fd5f016009af62049c188f0e40c9e0cec33857142866e0b3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe
Size

564KB
MD5

1c138de648fb5b72b245a34c935230ba
SHA1

67837cbabcfe5c0402a0266f7cce3e62019fb058
SHA256

cd3059d040675714fd5f016009af62049c188f0e40c9e0cec33857142866e0b3
SHA512

b514394b0ec4b067fba031faa369226006a3b2d65633bee72c3b2c287a38300b59c9f56d0217f1cfbbff4ccfd7a93806dd5430c047fad6c4a15997fef1534d51
SSDEEP

12288:EX9XjKJDCFeJXNnSPmSSgttbz+h7YiSY36XlT:04NCcNI1lj

Score

9^/10

Malware Config

Signatures

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
behavioral2/memory/4388-5-0x0000000000400000-0x0000000000479000-memory.dmp	MailPassView

Nirsoft 1 IoCs

resource	yara_rule
behavioral2/memory/4388-5-0x0000000000400000-0x0000000000479000-memory.dmp	Nirsoft

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	4388	WerFault.exe	82

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe
4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe
4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 1116	4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe	86
PID 4388 wrote to memory of 1116	4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe	86
PID 4388 wrote to memory of 1116	4388	1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c138de648fb5b72b245a34c935230ba_JaffaCakes118.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 1184
  2⤵
  - Program crash
  PID:2612
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe "C:\Users\Admin\AppData\Roaming\1c138de648fb5b72b245a34c935230ba_JaffaCakes118.il"
  2⤵
  PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4388 -ip 4388
1⤵
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\1c138de648fb5b72b245a34c935230ba_JaffaCakes118.il

Filesize
881B

MD5
fa176fc3e0b48020d2445d04b292205e

SHA1
a904c3929bce904588dfdd9ee01c7f86f106a746

SHA256
fe6986f488771b79cee6f5d8f463f91a2123729e2d69bce875f8eca2acc0c969

SHA512
cde96a04392e1fdf82dee1eb4077009c1f4e4620c3a85b721886438a0fb147207af913c58c93d00e714299854d8edefb78bf40b413d8474a717a62828a233cf9

Download Submit
memory/4388-16-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-19-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-5-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4388-2-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/4388-11-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-12-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-13-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-14-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-4-0x0000000077941000-0x0000000077A61000-memory.dmp

Filesize
1.1MB

Download
memory/4388-15-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-10-0x00000000741E2000-0x00000000741E3000-memory.dmp

Filesize
4KB

Download
memory/4388-3-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/4388-23-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/4388-24-0x0000000002310000-0x0000000002320000-memory.dmp

Filesize
64KB

Download
memory/4388-26-0x00000000741E2000-0x00000000741E3000-memory.dmp

Filesize
4KB

Download
memory/4388-27-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-28-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-29-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download
memory/4388-31-0x00000000741E0000-0x0000000074791000-memory.dmp

Filesize
5.7MB

Download