db248661c574485b7b3b58f67fb645e47c3cec688a031e4865c9bbe79a49d08c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
Size

1.1MB
MD5

2ae9779b51f0ebe585959920a284171e
SHA1

a8906de6c7d7663a23318ef9164e342c15342a85
SHA256

db248661c574485b7b3b58f67fb645e47c3cec688a031e4865c9bbe79a49d08c
SHA512

3b5fb13046655dba24e7dc235696fce2327ac0e48c09c197174af07e7e9f35811554a2806d1e1d643691f58db24889eceb63aa30be2ffe5ad71f26c5cba8a2ae
SSDEEP

24576:M8GeYRplj+vdf6ECVeuvPNKjZGDrNnt/qxo:M8GeYRpJ2df6EGKgDCxo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\cancel _hover.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\replace\down_border.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\index\call_back.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\style	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\public\js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\iepopo	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\newtip.htm	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\newtip.htm	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\js\main\js_loader.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\feedback\kwebapp.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\setup.vbs	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\iepopo\close_h.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\button01_normal.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\go_hover.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\alert	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\green\submit_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\ver.dat	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\newtip\Tooltipbackimage.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\green\submit_hover.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\close_down.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\kws0.ini	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\jiankong_on.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\public\css\common.css	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\replace\btn_normal.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\orange\del_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\bg.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\submit_down.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\popo8.htm	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\kws_bind.cfg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\mingdan_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\css\main.css	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\feedback\js_loader.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\orange\del_hover.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\submit_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\shezhi_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\style\newtip.css	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\orange\close_hover.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\mingdan_on.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\iepopo\js_loader.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\orange\del_down.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\alert\btn_hover.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\chakan_on.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\icob2_down.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\rz_table_bg.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\close_normal.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\iepopo\auto_del_h.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\option	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\orange\bg.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\alert\close_down.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\alert\ico1.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\icob3_down.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\replace\top_border.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\images\red\submit_down.jpg	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\kxestat.dll	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\alert\btn_hover.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\alert\logo.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\replace\right_border.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\option\js_loader.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\__tmp_rar_sfx_access_check_240617640	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\js\newtip\newtip.pack.js	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\images\index\button03_down.gif	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\kwebshield\main.htm	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\webui\popo\popo2.htm	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\wmplayer\setup.vbs	2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ae9779b51f0ebe585959920a284171e_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3528-364-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads