Analysis
-
max time kernel
150s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14/07/2024, 16:33
General
-
Target
46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe
-
Size
48KB
-
MD5
46a0b724e29afa9aec3b6f68aa634cd0
-
SHA1
eda78ed5e70f1555ee93a8f1f5034daf71738231
-
SHA256
35bd0dc4d8499b161761c8e21c317be00c10c659546721d66cafdd3bd2211dc7
-
SHA512
a99a216a58aad307057276276658813dbe94c9bd004d9ab7fdfa46d2ddcce43fb1b52c733d783215bd8aa488fa9ea022ea5e97f4975d36dac81bfb093588b211
-
SSDEEP
768:V98vr9CUFScrAY1Ak02Ztpk/rkoZdKikBPw8lMO90tYbJfY02UXNORE:V909icrN1AkZZtpfofK1PlhxbZY02m7
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\46a0b724e29afa9aec3b6f68aa634cd0_JaffaCakes118.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe66⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"67⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe68⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"69⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe70⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"71⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe72⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"73⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe74⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"75⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe76⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"77⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe78⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"79⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe80⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"81⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe82⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"83⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe84⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"85⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe86⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"87⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe88⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"89⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe90⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"91⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe92⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"93⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe94⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"95⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe96⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"97⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe98⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"99⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe100⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"101⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe102⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"103⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe104⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"105⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe106⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"107⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe108⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"109⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe110⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"111⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe112⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"113⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe114⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"115⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe116⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"117⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe118⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"119⤵
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\msn32.exeC:\Windows\SysWOW64\msn32.exe120⤵
-
C:\Windows\SysWOW64\msn32.exe"C:\Windows\system32\msn32.exe"121⤵
- Suspicious use of SetThreadContext
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-