fc6fcf2b00f547b840fa95aad4f84522ee40d45f228bd3ceb7262757a46a0063

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe
Size

1.3MB
MD5

1bf1d3d8762c1070831846aaff5a0ca1
SHA1

1c44771cee5123efd8dcd40cb524bd2d571b834d
SHA256

fc6fcf2b00f547b840fa95aad4f84522ee40d45f228bd3ceb7262757a46a0063
SHA512

f0a81e635f08cdb20e70bd4b5c923e6f0ed719f4ac35724ed37f7d205b57ed4f20f4f8ef5802963dcac537571968b9bd18b322d376d215ea443c32f56a2cfadb
SSDEEP

24576:F56m/BbDiBpCHPodc0NgJFG1Wnqxr5l37iNLopSkUTNnr30MmVykeA:F56m/1DiBAUaGCSltMo8kytkr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2592	ttsy.exe
2668	Windows XP-087 .exe

Loads dropped DLL 4 IoCs

pid	Process
2804	cmd.exe
2804	cmd.exe
2732	cmd.exe
2732	cmd.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2592	ttsy.exe
2592	ttsy.exe
2592	ttsy.exe
2592	ttsy.exe
2592	ttsy.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2804	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2804	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2804	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2804	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	28
PID 2940 wrote to memory of 2732	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	29
PID 2940 wrote to memory of 2732	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	29
PID 2940 wrote to memory of 2732	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	29
PID 2940 wrote to memory of 2732	2940	1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe	29
PID 2804 wrote to memory of 2592	2804	cmd.exe	32
PID 2804 wrote to memory of 2592	2804	cmd.exe	32
PID 2804 wrote to memory of 2592	2804	cmd.exe	32
PID 2804 wrote to memory of 2592	2804	cmd.exe	32
PID 2732 wrote to memory of 2668	2732	cmd.exe	33
PID 2732 wrote to memory of 2668	2732	cmd.exe	33
PID 2732 wrote to memory of 2668	2732	cmd.exe	33
PID 2732 wrote to memory of 2668	2732	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1bf1d3d8762c1070831846aaff5a0ca1_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\\ttsy.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\ttsy.exe
    C:\Users\Admin\AppData\Local\Temp\\ttsy.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2592
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\\Windows XP-087 .exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Windows XP-087 .exe
    "C:\Users\Admin\AppData\Local\Temp\\Windows XP-087 .exe"
    3⤵
    - Executes dropped EXE
    PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Windows XP-087 .exe

Filesize
564KB

MD5
100646dc15881287b7993ee6b5abeab5

SHA1
9d26f5fd66b4164c18abd6b4e2da1f5095cb14d6

SHA256
b0c359a9f7c774b4d808be3eb89530b5cc48f876f66f1f86897c147eda60353c

SHA512
f62e3da861232c7d68b4924cccd76d7b22191b0f3c895d9799166f353f3b1134f78b32b3ed28944d4e80b3571de63950551fe3d7877918267d61c94d3e7cfba1

Download Submit
\Users\Admin\AppData\Local\Temp\ttsy.exe

Filesize
664KB

MD5
174bdd918a7deeb4a390c5b29f82f2a3

SHA1
480fc28d79b8beffce8a61c35b94ad83240c9eea

SHA256
f515c30b08c1048378ba101a60172f80ca9a1caa00e42b0ad8448f088fcdb659

SHA512
21e315a16d32287d2111a51a83b72da0bfe13b3a286316ea430d8c5cf4739209bfdbfea44112c685a43d2e914f6966da2ee80b4d2db72fe2ed3358863ef7ddb6

Download Submit
memory/2592-19-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2592-22-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2592-20-0x0000000000400000-0x00000000004E8A08-memory.dmp

Filesize
930KB

Download
memory/2592-9-0x0000000000400000-0x00000000004E8A08-memory.dmp

Filesize
930KB

Download
memory/2668-18-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/2668-16-0x0000000000510000-0x00000000005B0000-memory.dmp

Filesize
640KB

Download
memory/2668-15-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/2732-14-0x0000000002410000-0x0000000002512000-memory.dmp

Filesize
1.0MB

Download
memory/2804-6-0x0000000000610000-0x00000000006F9000-memory.dmp

Filesize
932KB

Download
memory/2804-7-0x0000000000610000-0x00000000006F9000-memory.dmp

Filesize
932KB

Download
memory/2940-2-0x0000000000400000-0x000000000054B000-memory.dmp

Filesize
1.3MB

Download