Analysis
- max time kernel: 131s
- max time network: 141s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 12/07/2024, 10:37
Static task: static1
Behavioral task: behavioral1
- Sample: 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
- Size: 14KB
- MD5: 3d074426b1e62deb53df423539bfb19e
- SHA1: a789216a0888725858b04398ce5057669270816a
- SHA256: 7d7c0024d937fd9b3150ffb61116b3c1dfcd55a4835e40beff216bb4e134584f
- SHA512: 419c49ad0af62ee6265888b7494c3e9b0a355919ccf48d83f515f385d7b4cf8d248b5ea7a0d4f83088cc4819d6ad67e91c20895d0fed6c231c183ff19e409517
- SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhvGg:hDXWipuE+K3/SSHgxlGg
Malware Config
Signatures
- Executes dropped EXE (6 IoCs)
  pid | Process
  2268 | DEMB4DE.exe
  2916 | DEMA4D.exe
  2684 | DEM5F7E.exe
  1676 | DEMB4DF.exe
  2016 | DEMA1E.exe
  2644 | DEM5FCC.exe
- Loads dropped DLL (6 IoCs)
  pid | Process
  2076 | 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
  2268 | DEMB4DE.exe
  2916 | DEMA4D.exe
  2684 | DEM5F7E.exe
  1676 | DEMB4DF.exe
  2016 | DEMA1E.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (24 IoCs)
  description | pid | Process | procid_target
  PID 2076 wrote to memory of 2268 | 2076 | 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe | 32
  PID 2076 wrote to memory of 2268 | 2076 | 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe | 32
  PID 2076 wrote to memory of 2268 | 2076 | 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe | 32
  PID 2076 wrote to memory of 2268 | 2076 | 3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe | 32
  PID 2268 wrote to memory of 2916 | 2268 | DEMB4DE.exe | 34
  PID 2268 wrote to memory of 2916 | 2268 | DEMB4DE.exe | 34
  PID 2268 wrote to memory of 2916 | 2268 | DEMB4DE.exe | 34
  PID 2268 wrote to memory of 2916 | 2268 | DEMB4DE.exe | 34
  PID 2916 wrote to memory of 2684 | 2916 | DEMA4D.exe | 36
  PID 2916 wrote to memory of 2684 | 2916 | DEMA4D.exe | 36
  PID 2916 wrote to memory of 2684 | 2916 | DEMA4D.exe | 36
  PID 2916 wrote to memory of 2684 | 2916 | DEMA4D.exe | 36
  PID 2684 wrote to memory of 1676 | 2684 | DEM5F7E.exe | 38
  PID 2684 wrote to memory of 1676 | 2684 | DEM5F7E.exe | 38
  PID 2684 wrote to memory of 1676 | 2684 | DEM5F7E.exe | 38
  PID 2684 wrote to memory of 1676 | 2684 | DEM5F7E.exe | 38
  PID 1676 wrote to memory of 2016 | 1676 | DEMB4DF.exe | 40
  PID 1676 wrote to memory of 2016 | 1676 | DEMB4DF.exe | 40
  PID 1676 wrote to memory of 2016 | 1676 | DEMB4DF.exe | 40
  PID 1676 wrote to memory of 2016 | 1676 | DEMB4DF.exe | 40
  PID 2016 wrote to memory of 2644 | 2016 | DEMA1E.exe | 42
  PID 2016 wrote to memory of 2644 | 2016 | DEMA1E.exe | 42
  PID 2016 wrote to memory of 2644 | 2016 | DEMA1E.exe | 42
  PID 2016 wrote to memory of 2644 | 2016 | DEMA1E.exe | 42
Processes (process tree; the number is the nesting depth, each entry is a child of the one above it)
1. C:\Users\Admin\AppData\Local\Temp\3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3d074426b1e62deb53df423539bfb19e_JaffaCakes118.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   - PID: 2076
  2. C:\Users\Admin\AppData\Local\Temp\DEMB4DE.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\DEMB4DE.exe"
     - Executes dropped EXE
     - Loads dropped DLL
     - Suspicious use of WriteProcessMemory
     - PID: 2268
    3. C:\Users\Admin\AppData\Local\Temp\DEMA4D.exe
       Command line: "C:\Users\Admin\AppData\Local\Temp\DEMA4D.exe"
       - Executes dropped EXE
       - Loads dropped DLL
       - Suspicious use of WriteProcessMemory
       - PID: 2916
      4. C:\Users\Admin\AppData\Local\Temp\DEM5F7E.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\DEM5F7E.exe"
         - Executes dropped EXE
         - Loads dropped DLL
         - Suspicious use of WriteProcessMemory
         - PID: 2684
        5. C:\Users\Admin\AppData\Local\Temp\DEMB4DF.exe
           Command line: "C:\Users\Admin\AppData\Local\Temp\DEMB4DF.exe"
           - Executes dropped EXE
           - Loads dropped DLL
           - Suspicious use of WriteProcessMemory
           - PID: 1676
          6. C:\Users\Admin\AppData\Local\Temp\DEMA1E.exe
             Command line: "C:\Users\Admin\AppData\Local\Temp\DEMA1E.exe"
             - Executes dropped EXE
             - Loads dropped DLL
             - Suspicious use of WriteProcessMemory
             - PID: 2016
            7. C:\Users\Admin\AppData\Local\Temp\DEM5FCC.exe
               Command line: "C:\Users\Admin\AppData\Local\Temp\DEM5FCC.exe"
               - Executes dropped EXE
               - PID: 2644
Network
MITRE ATT&CK Enterprise v15
Downloads