becc39eff6febb3a1990b94316ee91a1901643dcb2a560a492aeb7639fdaa7ff

General

Target

3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe
Size

301KB
MD5

3ef61d2ba53ff2104ed60b258db3fbfd
SHA1

90a738bb67f3b1e93706c4985f71d2a094ab372c
SHA256

becc39eff6febb3a1990b94316ee91a1901643dcb2a560a492aeb7639fdaa7ff
SHA512

7d10c420d3a164aab04f3f92fac7199a6b4cc0eb075157ad4763499c77d102d5ae97179592418191a03421635698a56cb269c791085683b4d68dcc6b572ebdf8
SSDEEP

6144:BtuIDeYxqdSzTWPu7g/Hc2dwv/rCPCE+nPTzojQNHJCOdZUDfQ6w6BumY01Q0:BttDG8ut/Hcmwv/rCK1nCQNHJFwsmumr

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2640	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2236	ivsowo.exe

Loads dropped DLL 1 IoCs

pid	Process
2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2164 set thread context of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2096	2164	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	31
PID 2096 wrote to memory of 2236	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	32
PID 2096 wrote to memory of 2236	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	32
PID 2096 wrote to memory of 2236	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	32
PID 2096 wrote to memory of 2236	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	32
PID 2236 wrote to memory of 2800	2236	ivsowo.exe	33
PID 2236 wrote to memory of 2800	2236	ivsowo.exe	33
PID 2236 wrote to memory of 2800	2236	ivsowo.exe	33
PID 2236 wrote to memory of 2800	2236	ivsowo.exe	33
PID 2096 wrote to memory of 2640	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	34
PID 2096 wrote to memory of 2640	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	34
PID 2096 wrote to memory of 2640	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	34
PID 2096 wrote to memory of 2640	2096	3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe	34

C:\Users\Admin\AppData\Local\Temp\3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\3ef61d2ba53ff2104ed60b258db3fbfd_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Roaming\Yjicba\ivsowo.exe
    "C:\Users\Admin\AppData\Roaming\Yjicba\ivsowo.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Users\Admin\AppData\Roaming\Yjicba\ivsowo.exe
      "C:\Users\Admin\AppData\Roaming\Yjicba\ivsowo.exe"
      4⤵
      PID:2800
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp15dd87b7.bat"
    3⤵
    - Deletes itself
    PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp15dd87b7.bat

Filesize
271B

MD5
b1118e534a898feed5e80246ac2c4a3f

SHA1
ba628ab38f7eac256a365dc9810414657002290b

SHA256
1f0934f9d1c792ca488481b07b49af9e2f4c4fd21538be3487a1db5b61b8addd

SHA512
40130d7b288f446880b9b93084228d6eafa55172dbc0560873337162ec45c70425ae7e23ec4c5c0f8a61d01481b8fa4acbd8c80ece2bc65adf850e9f68a650a9

Download Submit
C:\Users\Admin\AppData\Roaming\Yjicba\ivsowo.exe

Filesize
301KB

MD5
1e263383971da00da00adba4847ee9ed

SHA1
dadad877e7d08d8c74c64728c5d964e33c766f3e

SHA256
515c6d5bac077ca5cbe7ed748fbdf813c6936cb685808e6474d6b96e913efb0e

SHA512
e796aaa75a6df963ba17fab4b3dd2189f9ce657c733a6d07e381869a46887016b18d24c5bdb9c5ac19a064e4e70a5224973e11de215aeb9430445dc2fde7e887

Download Submit
memory/2096-13-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-18-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-7-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2096-4-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-3-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-2-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-12-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-11-0x0000000000810000-0x000000000085D000-memory.dmp

Filesize
308KB

Download
memory/2096-15-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-14-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-29-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2096-22-0x0000000000100000-0x000000000014D000-memory.dmp

Filesize
308KB

Download
memory/2164-10-0x0000000000810000-0x000000000085D000-memory.dmp

Filesize
308KB

Download
memory/2164-0-0x0000000000810000-0x000000000085D000-memory.dmp

Filesize
308KB

Download
memory/2236-24-0x0000000000210000-0x000000000025D000-memory.dmp

Filesize
308KB

Download
memory/2236-27-0x0000000000210000-0x000000000025D000-memory.dmp

Filesize
308KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads