b017e427ac12d8528627b6bc0994cb7480dcf8ee4366a79663e78d92e338e98b

General

Target

3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
Size

103KB
MD5

3963444c865caab10aedf9a4ec964e30
SHA1

7e6838fce6efc049087aee0cd7c6f27709014b47
SHA256

b017e427ac12d8528627b6bc0994cb7480dcf8ee4366a79663e78d92e338e98b
SHA512

612f5fb47e7a4c6040117e6cb0fa3252d490113222f8f9a9e922a6e9f3cc8ffe8e62840a17131dffdb704298031563d60deb333c220a7da3618a1d0a5c4e18d1
SSDEEP

3072:ieYWaeHn1CRMDlT0M0RQYX/YFxk45i28YKD:nYWaeHn1CmD+5vYFxMTD

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1488 set thread context of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 2184 set thread context of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 1488 wrote to memory of 2184	1488	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	31
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2184 wrote to memory of 2900	2184	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	32
PID 2900 wrote to memory of 1192	2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	21
PID 2900 wrote to memory of 1192	2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	21
PID 2900 wrote to memory of 1192	2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	21
PID 2900 wrote to memory of 1192	2900	3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192
- C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1488
- - C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\3963444c865caab10aedf9a4ec964e30_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-26-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1192-23-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1488-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1488-3-0x0000000000290000-0x00000000002A0000-memory.dmp

Filesize
64KB

Download
memory/1488-7-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2184-10-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-8-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-12-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-18-0x00000000003B0000-0x00000000003C0000-memory.dmp

Filesize
64KB

Download
memory/2184-22-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2184-6-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2900-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2900-19-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/2900-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads