Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
12-07-2024 05:36
General
-
Target
3c2a0e83750ce5f730fc5d68bb22d93f_JaffaCakes118.exe
-
Size
22KB
-
MD5
3c2a0e83750ce5f730fc5d68bb22d93f
-
SHA1
525be3e7e672cea78e070f1480e3521da9694bdd
-
SHA256
78cb48d4f58ead0a1d6b9e20bccfd164c53a541f4476b3007b41087dea5f269b
-
SHA512
98c9ea640f0970902528be640d4ae0fcdde70a9dba5e47e63981be580cfbe47f3543c68cfd03d14b492f5dc35ce1b4c880357002b3f9b49dabb3143079d92549
-
SSDEEP
384:ypsSpg11+XCEuQ+M31f1AVe2NUwznHPPbMcYmszuK/UActaaKnhLIgL:aps8Cqxf1j2NUOoXzXTZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c2a0e83750ce5f730fc5d68bb22d93f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3c2a0e83750ce5f730fc5d68bb22d93f_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3c2a0e83750ce5f730fc5d68bb22d93f_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\3c2a0e83750ce5f730fc5d68bb22d93f_JaffaCakes118.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe68⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"69⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe70⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe72⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe74⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"75⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe76⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe78⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe80⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"81⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe82⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe84⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"85⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe86⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"87⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe88⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"89⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe90⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"91⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe92⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"93⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe94⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"95⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe96⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"97⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe100⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe102⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"103⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe104⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"105⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe106⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"107⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe108⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe110⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe112⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe114⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"115⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe116⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe118⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\mdm.exeC:\Windows\SysWOW64\mdm.exe120⤵
-
C:\Windows\SysWOW64\mdm.exe"C:\Windows\system32\mdm.exe"121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-