e550de2e92f39cb03db3b05e96a500331e50c723a0be4dd0cb93053fa43b159f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe
Size

3.0MB
MD5

4047d899cd7f48438e06fed924889aec
SHA1

c0ff2227af683c4e5eae5f3f330eb437d503f975
SHA256

e550de2e92f39cb03db3b05e96a500331e50c723a0be4dd0cb93053fa43b159f
SHA512

13193a2feea18fabaa32effb5b22e37dc5589f4b7ec2a54334d6113d0b2a4fa49298a6db8b1512d5a5bbb373ce1740a3c0bfbb1f79c74f98f39680e3526fc05a
SSDEEP

49152:KepA3/f13KGXu5MjxRN9oSCgSiVTQfFfG:0/BDXuMjxRNvSitQfFfG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3864	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Program crash 1 IoCs

pid	pid_target	Process	procid_target
980	3864	WerFault.exe	100

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe
4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe
5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 5096	4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe	84
PID 4608 wrote to memory of 5096	4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe	84
PID 4608 wrote to memory of 5096	4608	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe	84
PID 5096 wrote to memory of 4428	5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp	86
PID 5096 wrote to memory of 4428	5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp	86
PID 5096 wrote to memory of 4428	5096	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp	86
PID 4428 wrote to memory of 2624	4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp	88
PID 4428 wrote to memory of 2624	4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp	88
PID 4428 wrote to memory of 2624	4428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp	88
PID 2624 wrote to memory of 428	2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp	89
PID 2624 wrote to memory of 428	2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp	89
PID 2624 wrote to memory of 428	2624	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp	89
PID 428 wrote to memory of 1688	428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp	90
PID 428 wrote to memory of 1688	428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp	90
PID 428 wrote to memory of 1688	428	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp	90
PID 1688 wrote to memory of 4576	1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp	91
PID 1688 wrote to memory of 4576	1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp	91
PID 1688 wrote to memory of 4576	1688	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp	91
PID 4576 wrote to memory of 3868	4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp	92
PID 4576 wrote to memory of 3868	4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp	92
PID 4576 wrote to memory of 3868	4576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp	92
PID 3868 wrote to memory of 3516	3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp	93
PID 3868 wrote to memory of 3516	3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp	93
PID 3868 wrote to memory of 3516	3868	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp	93
PID 3516 wrote to memory of 652	3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	94
PID 3516 wrote to memory of 652	3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	94
PID 3516 wrote to memory of 652	3516	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	94
PID 652 wrote to memory of 1576	652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	95
PID 652 wrote to memory of 1576	652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	95
PID 652 wrote to memory of 1576	652	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	95
PID 1576 wrote to memory of 952	1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	96
PID 1576 wrote to memory of 952	1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	96
PID 1576 wrote to memory of 952	1576	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	96
PID 952 wrote to memory of 716	952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	97
PID 952 wrote to memory of 716	952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	97
PID 952 wrote to memory of 716	952	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	97
PID 716 wrote to memory of 4416	716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	98
PID 716 wrote to memory of 4416	716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	98
PID 716 wrote to memory of 4416	716	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	98
PID 4416 wrote to memory of 376	4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	99
PID 4416 wrote to memory of 376	4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	99
PID 4416 wrote to memory of 376	4416	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	99
PID 376 wrote to memory of 3864	376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	100
PID 376 wrote to memory of 3864	376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	100
PID 376 wrote to memory of 3864	376	4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp	100

C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
  C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
    C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
      C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        
        C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
        16⤵
        Executes dropped EXE
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 508
        17⤵
        Program crash
        
        PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3864 -ip 3864
1⤵
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp

Filesize
3.0MB

MD5
5e9313f84934471c318a6c000badb2a2

SHA1
8f07b3f5037bbef6ad79cdcf2ba732c0a0e11933

SHA256
4b0f65816599384aa812c7b07ebee342f7aad783cc36ae29d1e7575f855e3048

SHA512
84edb311141fc3db70cbc61d45ed6adddc2c0f2da5a63ac114a3f5f0443fc3defd2eeeb4b29707af0982abc7b1b399d798c030f121862db784419244a8657e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp

Filesize
2.9MB

MD5
3fea7101b57ff7cbc52fae175c9e9d26

SHA1
ad1cdf4d87cd37841e4280205fa3987e0332dd87

SHA256
77eccb787583e2ff37ac789ffe81aa2817f4f636cfab0f3825cabe515605f95f

SHA512
25f343819e9f74af838862d8bcbdce7834f0b8d164272f3009ad29de6c0764ea761c92e16775421bc90bb56581df7b5f75033dcbbc01048ad8446617bd35df1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp

Filesize
2.9MB

MD5
98522b849312475d5ec30a4441910f85

SHA1
1847340aa414c47b807bc6d31236be2300572f54

SHA256
243e32a937db1302f384cf2a9b7d0f77ded8643799698656bd36b1214b91420b

SHA512
006f8d4bc3c01dbea4aea59ba732aa710f05d915766df3e7c3f620f4bbadee3c63b94403dfeddcb5ffb724de9de7fa018ce072d031d022b5146c9cbec0a1e2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp

Filesize
2.9MB

MD5
eb32efb38b38a7b0de538dd82d25acbf

SHA1
abc65010a12913f5fbd36861b117dbb15f6c8cd0

SHA256
112aff486c1be5d8e761969a6ea18a4dad5a4b01bbec61c88f0b79042c78ca92

SHA512
c30c3591bc27ce77d07d2764fc8dc6844d2dc63c8b99f48ec5baf8f1289833cd32120b7792b07f04e7d159110dcb5c3cffd969f95d3b76fe77f61e701ddf0e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp

Filesize
2.8MB

MD5
0eb7696b710623466344eae268202cf8

SHA1
b1e288acf6e29d8ed2e1e0da4b03076babedcbf1

SHA256
8e55eb478dd30d13118d3a8129e79b74282ba1f9d066541d79b23e6f759f45e5

SHA512
eada96280b84ad3a4585569df6a52f0788d3aba931bc70ff0c209d1ca90f996294d6668a822732c5cb6361fe8b6f5ef7d4aaa7d6967da419a105fe50bf946f24

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.8MB

MD5
f819341279a49350ef54189bffa56bb0

SHA1
60a6b4c719494761c59a37f027b385e386d12ac5

SHA256
e02bad16966ed2db048a437c1143211f55bf3d89989cc465beea1329e524c9bd

SHA512
06ae8908245f39cc8d045552fea327423b738230e8955a5f2f41acad9b9b65f2ef17991fb80220e47ebdd0818b92d2e6ea4f0c21cbddd5bf8b0021ea3e058eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.8MB

MD5
453ec4c58288d8a2877bb7978eafda75

SHA1
b8b744b9fa1d09345ffff23256845e7c3f4a6686

SHA256
19f5ba81a38cf5b981768af4045b41193c0deb8806b017e3390b910f7705b863

SHA512
a577a7d2caac9d46197f611735429b5efe8194d5b8ca7d8cee6175e8bd07b6b4faf3bd796b70980a886587e8feaa43865d37765f1eeb43181e50cf747f6c2347

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.7MB

MD5
c8bf0669abf157361faa27e622783303

SHA1
a31f925256b5daf7a10e36b6c2bc8290ea01ed8b

SHA256
ea8ca80dc96eef80c6cf006f9ae3754211452438f3a3445e324b65cbe8880843

SHA512
4fb26566ed83feb05b17fda9768724b3a9194478bbc89345a4406e9b41629f6f47c2a8ad3c2f1de9e08a29eaf2c0cb759209f63bae401b8821dfc599acf9c2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.7MB

MD5
dd0b29622ce5e6cf2f5e19a34a048561

SHA1
61a16d84899427e1f99de163a187c05730b2511f

SHA256
feb1a84ee3deac4e81a413b875fd3e3679a8bdb661694ef6c7edfe96023125b2

SHA512
76faaac911ac90a799da9193f1ff1412e330b7b5157658ac399677dab02ef0f0a2ae7c08588c2cacff5ca100ef467d57ffc7eca057e6456097464c0de2b440c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.7MB

MD5
d0975e9ccda4035f6aef38742a936403

SHA1
53d34f69c2c7c65856a30f54c6458b77a3e84ae1

SHA256
1ef97f24fb7891348075a04dc05e827746a5e72e6f3483702984054b4736d66b

SHA512
72306b51f7d29c411a90b6bd18047ba279c17b1c36ebe792a106db998280294017af54a47066746af38a3d1776fed29af4ac8e0df79830a229c99f0494f0c460

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.7MB

MD5
6796ab373c3b501d26e896dee39b3f29

SHA1
dd564fc4606fbf56e43719132a724394926c990d

SHA256
28b2e828cfe70e84e0ff378867672d0f819449a0b4112e6d5e215f4d82de1d24

SHA512
fc568d51bcd83b266ec5c3c61fd1de809273c6c426426aec55711370147e17e2376562b1eb43a78959840bf3306f910030f62b3f638c5fe73145b1fef2812ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.6MB

MD5
80668976d8462adcf78d527c482daf62

SHA1
f1ab387e0db250dd286b759291f11c4616493540

SHA256
673651ea9620f9c98fe466453a055816639115118b6c375d7869d9d2e93cb840

SHA512
77d26adaf88b80e270aef92c2d5734f77a8fd653b1a4e332e5042cff9cbf4e70070a0507d9a771c7de1f42ea4bfacb333a156ca59197d7d3f5d61c51ec416ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.6MB

MD5
9b6eafb706b0d5d7f6458a08969fdc5c

SHA1
cf07f8ba46167b4a280658454436d0a119fe8650

SHA256
311f1283f3281c74d9fa43573c89b195e891304040521296355fff630b952ece

SHA512
8c74adb40247d7e62738c83a7baf0e348631f19f3f3653f68f441270f8b87a4b305995e6642b2125ccd304da4b2edfaf4e92b23a1ef84e1c7b9dde4143a07c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.6MB

MD5
7c4e94399fed367f098ac2522232fe30

SHA1
22587b92e158eb72d221bcf39996e32d552a8b1e

SHA256
335e10ff9e88b11dc12c33d3092692c89514a06312e12c7f0b88c96f82fdc439

SHA512
1d6c20c758c84c08b864fe2f67279a8265a378eae295f7d0ad9c35300895f8154964a8cfbac10dfe7d4620118f8c66cf516950885b3ff5dbcc1373ff19cac5ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\4047d899cd7f48438e06fed924889aec_JaffaCakes118.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp

Filesize
2.5MB

MD5
d6596b87020da81c9196198671575848

SHA1
680cfcd52db19ad0ea3bcf065ff15843a49e850e

SHA256
e42feae0713e6960586b8125690289546b6fc43d2a69097fa51ff7d59aeeb19d

SHA512
ecb8f9ec36a514409dfef8e358e9a06513a1c6326e376bd1c5cb6223e81994c779c85ae4f666cc4decf2be43096df78f0d65f917d9e65397615d39bc942300a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads