e48640ee5dd956721187f4723dfbeca8729872405a5d5da0e0b1a5aee054312e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
Size

2.7MB
MD5

3876f83b180c740ef756c70271d3c856
SHA1

c0c4e2d1f6a2ff787cf7918be15fd9a2a1450189
SHA256

e48640ee5dd956721187f4723dfbeca8729872405a5d5da0e0b1a5aee054312e
SHA512

14d5bb244b01f59461c45766d14057ec484c812311e62bcf9787ed3cddbbd1780442194a5c96fadb3c68840ff7cfc620902fc2eda4b0716a17a51d63de8acfac
SSDEEP

49152:fzN8XRi2n2+RhLEb+BpVc5ROHMITBj0rCD4rGsC9jZvi0EWnPtkmphtNLSUm6BPy:fN22+RSbOc5wHtT0SzlK0PtDpZLSUm+6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2324	1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe	31
PID 1344 wrote to memory of 2324	1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe	31
PID 1344 wrote to memory of 2324	1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe	31
PID 1344 wrote to memory of 2324	1344	3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3876f83b180c740ef756c70271d3c856_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /x/d/c cls
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\pdk-Admin\38986a72e331aa3371b9c0b3d8fdb14c\IO.dll

Filesize
24KB

MD5
38986a72e331aa3371b9c0b3d8fdb14c

SHA1
e8ae80806c8fa46072da65744715940dc37dddaa

SHA256
df44c0835b267107a76dd1f6514ad14c3a640c8d2fd9d980fc7e05a6ff418c77

SHA512
018339c37b2d33f69d88447cc00b5cde65afc7ab9c9154014632266091dc0b2ac2b5cf49d0f982a5ff02d635a173cb5f2bcdcd151546321dc3c8cc8cbfa84de4

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\42b1f9f409403b393d2e54d69972e703\perl510.dll

Filesize
876KB

MD5
42b1f9f409403b393d2e54d69972e703

SHA1
f7b78b98c2a6e774075da011e6ebff2a26d0e863

SHA256
8b247bf7d94c5319cc26e0a312ae628daf2e7e22e0bb23d18ae69fa075804f74

SHA512
1d088d553c9cc891c5dcbfdfcca24f02176b6ae4264dd63b08b50c4c948417017ec896c470e7c900a0f0e957d6f0ebb06a96178c3f02c5b1b9de5464e116c78b

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\457560a36b2209b3496626f488a8c48d\Dumper.dll

Filesize
32KB

MD5
457560a36b2209b3496626f488a8c48d

SHA1
899fdc1774222477c28fc8511436e2644d7433b7

SHA256
7b16a2bd3fefee010d3beae153a5b72c7cc85759582be13d13e7bfc0274db2a3

SHA512
7cab67caef055641f90a4001e44d12165755ad1b97e709fa01bd0503be7f91a3b9c6ec58fa2f22552dcf712a23689ffb950d5948b1313c8a67339c7966d31f9f

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\6e5f1543bed2499b49d09aa2723f6536\Storable.dll

Filesize
64KB

MD5
6e5f1543bed2499b49d09aa2723f6536

SHA1
db4054c43ac5f34f7dedb12218c9753454f01f18

SHA256
ceaf0626f60807132862bf7882b94b2dd4fc2e206110dc20e7790e21e033122b

SHA512
5d8871a6685bb82ee4f5190625f5296314a6085990c301fec5b141706213b563768d4dfba5e34cf3655feb11722fb87913e41d8e9e100db8f045da7cad508eff

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\b05b0d2cb75b41059519f48829874abb\Fcntl.dll

Filesize
24KB

MD5
b05b0d2cb75b41059519f48829874abb

SHA1
05ee272c35735d3991e5d56ef89b48ee13e67f80

SHA256
5bd9b2777bfc9ecd406b9fed9ee7d8c4435243d87c691b0067bde2aad8b0906d

SHA512
39ad38ca6e8af3cc028b9a91cc3c90c6fa1512d2c6501571449bab3d470fca80edd5df1b70917c9786b4bbf9d6414b0647ae6cb0f8c6d562f67be8513d2f45d5

Download Submit
memory/1344-14-0x0000000000290000-0x00000000002A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads