Analysis
-
max time kernel
1s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14/07/2024, 09:49
General
-
Target
454d20ca3452c7ccc51da7a0ccb7e55d_JaffaCakes118.exe
-
Size
43KB
-
MD5
454d20ca3452c7ccc51da7a0ccb7e55d
-
SHA1
c218de2d7c18a788f0f655ac2a3db4c729a3d40b
-
SHA256
8e54e6d5ed7ea5338370375a1ed4caa74539389c78cedbcfc3b185354121c5f2
-
SHA512
b754b1a574c274f46d80d2d19932d6298a042d040c7f466cfa2bc40afbca3d55720d51610485bd3640702c4254bbc8425416b6ea67a3998119ad16576352e850
-
SSDEEP
768:3PJadenAqtYQnaXH96rV2kllriFqR7Atmqfvfj7sMC72ZWzFwKF/Kpplc:3PnAClrVLTrEqNAxvXsf7rzV/KpXc
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 18 IoCs
-
Adds Run key to start application 2 TTPs 18 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies WinLogon 2 TTPs 64 IoCs
-
Drops file in System32 directory 21 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 54 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\454d20ca3452c7ccc51da7a0ccb7e55d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\454d20ca3452c7ccc51da7a0ccb7e55d_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe4⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe6⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe7⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe8⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe9⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe10⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe12⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe13⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe14⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe15⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe16⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe17⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe18⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe20⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe21⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe22⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe23⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe24⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe25⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe26⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe27⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe28⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe29⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe30⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe31⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe32⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe33⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe34⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe35⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe36⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe37⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe38⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe39⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe40⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe41⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe42⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe43⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe44⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe45⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe46⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe47⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe48⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe49⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe50⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe51⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe52⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe53⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe54⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe55⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe56⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe57⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe58⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe59⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe60⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe61⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe62⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe63⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe64⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe65⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe66⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe67⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe68⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe69⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe70⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe71⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe72⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe73⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe74⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe75⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe76⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe77⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe78⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe79⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe80⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe81⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe82⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe83⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe84⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe85⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe86⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe87⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe88⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe89⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe90⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe91⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe92⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe93⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe94⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe95⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe96⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe97⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe98⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe99⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe100⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe101⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe102⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe103⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe104⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe105⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe106⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe107⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe108⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe109⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe110⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe111⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe112⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe113⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe114⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe115⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe116⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe117⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe118⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe119⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe120⤵
-
C:\Windows\SysWOW64\scklchk.exeC:\Windows\system32\scklchk.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-