837dd34d0b5c426c659c6c041c81ba16b6a0a368ea691c2996a23345fd51dc6f

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe
Size

1.0MB
MD5

2927b1d10faee01dfaa7ac18bdb411c5
SHA1

78fb031685faa30e70826860ed25477c45a63e6b
SHA256

837dd34d0b5c426c659c6c041c81ba16b6a0a368ea691c2996a23345fd51dc6f
SHA512

c12c3f488c731c49f17ca9a66b9eee14e44a0636e992f8a05116e39a9cbd0d5c9d60f39dbcef84bce74fb20afb2f6b6f0027db4651d859b52f73c6af4c6bdeae
SSDEEP

12288:T0IMpJA81OoHHqHP9tF3Z4mxxNpOyqkGKi/i2X14mOTeNTn:T0IyJAKOoHAtQmXu+BS+O

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4264	3616	2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe	91
PID 3616 wrote to memory of 4264	3616	2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2927b1d10faee01dfaa7ac18bdb411c5_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3616
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,7545522914305657361,9950105517201397946,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
1⤵
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3616-0-0x0000000000B40000-0x0000000000B94000-memory.dmp

Filesize
336KB

Download
memory/3616-1-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3616-13-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/3616-12-0x00000000034C0000-0x00000000034C3000-memory.dmp

Filesize
12KB

Download
memory/3616-11-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/3616-10-0x00000000034C0000-0x00000000035C0000-memory.dmp

Filesize
1024KB

Download
memory/3616-9-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/3616-14-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3616-8-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3616-7-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3616-6-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3616-5-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3616-4-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/3616-3-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/3616-17-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/3616-16-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/3616-15-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/3616-2-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/3616-19-0x0000000000B40000-0x0000000000B94000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads