0e7214584bdad9c536fe297b7d73d360ef3597859be19f12c73bc78a8b747685

General

Target

305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
Size

26KB
MD5

305cf7b3e8ac3aeb5a8a15efe025c39f
SHA1

b6174ff4428273f3183ba21ef2dc0299f19b81b8
SHA256

0e7214584bdad9c536fe297b7d73d360ef3597859be19f12c73bc78a8b747685
SHA512

0cbb960ef216815a8ec1a43a11fbe5099de0bd9dbfede43e40beb2e9395e99f977d2a927c56cb56366ce7bd19eacf44e08e584b17fa45067e573d20113f5c08b
SSDEEP

768:iv18zJFLiTELx7WN5kgP4AO5ZBp4cNjs3hgi2uC/Y:qWTLoUxA5kgw994xxUY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
2936	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02

Loads dropped DLL 8 IoCs

pid	Process
2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.QBJ	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.KAM	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7z.LPB	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.MEB	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.TOE	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zG.ARH	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2256	2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe	31
PID 2232 wrote to memory of 2256	2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe	31
PID 2232 wrote to memory of 2256	2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe	31
PID 2232 wrote to memory of 2256	2232	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2824	2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	32
PID 2256 wrote to memory of 2824	2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	32
PID 2256 wrote to memory of 2824	2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	32
PID 2256 wrote to memory of 2824	2256	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	32
PID 2824 wrote to memory of 2672	2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02	33
PID 2824 wrote to memory of 2672	2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02	33
PID 2824 wrote to memory of 2672	2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02	33
PID 2824 wrote to memory of 2672	2824	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02	33
PID 2672 wrote to memory of 2936	2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	34
PID 2672 wrote to memory of 2936	2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	34
PID 2672 wrote to memory of 2936	2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	34
PID 2672 wrote to memory of 2936	2672	305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01	34

C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
  C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
    C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
      C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
        
        C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~02
        5⤵
        Executes dropped EXE
        
        PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\305cf7b3e8ac3aeb5a8a15efe025c39f_JaffaCakes118.~01

Filesize
26KB

MD5
305cf7b3e8ac3aeb5a8a15efe025c39f

SHA1
b6174ff4428273f3183ba21ef2dc0299f19b81b8

SHA256
0e7214584bdad9c536fe297b7d73d360ef3597859be19f12c73bc78a8b747685

SHA512
0cbb960ef216815a8ec1a43a11fbe5099de0bd9dbfede43e40beb2e9395e99f977d2a927c56cb56366ce7bd19eacf44e08e584b17fa45067e573d20113f5c08b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads