d1ae39c77ee83c5470dfb89e96c4cee2be938c31811810b164aee9b6f7dd06d9

Analysis

max time kernel
92s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
Size

492KB
MD5

3369fd0a028c43f58514eb08a05ab972
SHA1

7e789e655d4adaf61fc92f23d1b662ebbb51960d
SHA256

d1ae39c77ee83c5470dfb89e96c4cee2be938c31811810b164aee9b6f7dd06d9
SHA512

fa18777f632f34086977cfe00c9b3e3b36168afff09d17229c5ba2bae591672ed759e8f3ca4d2d2def5d364cc5b7e0163ef484c29602584a172e83fcd3c2e8a3
SSDEEP

6144:1DeKiA7zEq/lg1VPcOh4pBWF/VPdaeKY8DMFwUu+klyK5XOgpbAAdcOPl:BusEv1WOeUDdaCFxuNOnRO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4280 set thread context of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84
PID 4280 wrote to memory of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84
PID 4280 wrote to memory of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84
PID 4280 wrote to memory of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84
PID 4280 wrote to memory of 8640	4280	3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Users\Admin\AppData\Local\Temp\3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\3369fd0a028c43f58514eb08a05ab972_JaffaCakes118.exe
  2⤵
  PID:8640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.85\cd.dll

Filesize
52KB

MD5
11604a1af886bd4cf428b98d86e2f8e1

SHA1
93aa72a76687b1ea8d0caa2b7f1ae219a6f1f1a5

SHA256
104ab0e5a4a923dba8baaac76cb8e063508ddb7e758d36875e676a483dce4435

SHA512
8e0406620f899458061a1fa3af36d3c82393587bb5eedfd619e71cf2e6563966689d20461e412f813a4dfe9d7429982e7e3c50e426608e5b55e4737fac27bf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.85\le.dll

Filesize
84KB

MD5
2d8c9afe4547390037a06fc5c25d1313

SHA1
9ffc071907d8cf7f08bbf5c0c1c8339cc2a60d8c

SHA256
4a50afe26c6a7bbcdad8b7310898e4d121d6e9e252f047e8c0ad78d8c26ffcf2

SHA512
a640048f757361138bbe4edf7ca7410a18e6073e48f9abdbef94e3653e151d15893266e2eb8ae6b80e6f8e8b9d0fa1cbf5971f78f76dd6e8c867f56509a9b6de

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.85\lri.dll

Filesize
80KB

MD5
645ca36178b2796083e0935b004abe7a

SHA1
84678b186116ec1601beaa5031b711a50909cfaa

SHA256
c04d4ed9c71a63af0ba505a5092a0c518d1b41de781febd13c19d214428cd0a7

SHA512
7a7284e20b78e682f9c1fe0400575eddf69847809d3e6171e2974cd51ccc06a0a84f5b0116fa809b556b10610ecff91b1b1759b1684b9e702b52cbbc2c60f013

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.85\lz.dll

Filesize
32KB

MD5
74fe1aec323f20a5602cd8e981fd528c

SHA1
94369e77cff040987fbb49b5edcc507738c9a3eb

SHA256
f636a49a1c8bc5fce4c60bafb2b4fb75b9055430e704135eee7d2e9350195647

SHA512
0483881e15607a45db7346a0b3c252bd371d35b070f7b41bb8d77ac0ea8e26b33cb8235f91a10594560caa648c81a05d76c682ce7292b89d67b94e92c345463c

Download Submit
memory/4280-4071-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-6196-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-25-0x00000000005D0000-0x00000000005E5000-memory.dmp

Filesize
84KB

Download
memory/4280-19-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-842-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-1574-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-2571-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-3121-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-0-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/4280-4735-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-5456-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-233-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-6276-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-6258-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/4280-7074-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-8264-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-9608-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-8965-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-10325-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-10514-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-12387-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-12390-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4280-12393-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads