Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
04-07-2024 06:23
General
-
Target
24ed9ee01ba3c03fc913deee79b6be7e_JaffaCakes118.exe
-
Size
26KB
-
MD5
24ed9ee01ba3c03fc913deee79b6be7e
-
SHA1
e289553d5d1dba1a6e19926d01d53460425d5058
-
SHA256
c66ae62d7247e69f68fddc720d1a621b47120325b3de23c4e7fb6c671b7b912b
-
SHA512
5e050f6852dab1c04af1beb5daeb0d283d39daf9e69e4a55719937c581b35b6b16395dfc6635db311e5b68e21ba50fb185e32b01bb78480ee2c30e5000b301e5
-
SSDEEP
768:54HXLfu27edOT00khOPqs98ewanaX/mw/6xLI:5IpSdOT00k0qsGw6ewia
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24ed9ee01ba3c03fc913deee79b6be7e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\24ed9ee01ba3c03fc913deee79b6be7e_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\24ed9ee01ba3c03fc913deee79b6be7e_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\24ed9ee01ba3c03fc913deee79b6be7e_JaffaCakes118.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe68⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"69⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe70⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe72⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe74⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"75⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe78⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe80⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"81⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe82⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe84⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"85⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe86⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"87⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe88⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"89⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe90⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"91⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe92⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"93⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe94⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"95⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe96⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"97⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe98⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe100⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe102⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"103⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe104⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"105⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe106⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"107⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe108⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe110⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe112⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe114⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"115⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe116⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe118⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\infocard.exeC:\Windows\SysWOW64\infocard.exe120⤵
-
C:\Windows\SysWOW64\infocard.exe"C:\Windows\system32\infocard.exe"121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-