3e58d57e31182dc76ddc9e4ca374623792fb4e118a9d7c67a203c43902a3a600

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe
Size

552KB
MD5

49960db46d2f902de8850119ea4564fe
SHA1

d86e1e61b9aa570315a3d28cdd640e9971ad2114
SHA256

3e58d57e31182dc76ddc9e4ca374623792fb4e118a9d7c67a203c43902a3a600
SHA512

436f64925159e07b0b40a43dff409531689124966527f131f86a9774c98ba38e585a4eb67c84f78a6ae299312c0d8c716e7ea38881cb0d0b37a5b50070f1bdc3
SSDEEP

12288:Nol4/3F2gX1RKqQVtu3+Bx7+FL2n1T6RMq1PIiRPT:+ld+nKqQ3TFdUMq2M

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2956	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	my.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2788 set thread context of 2968	2788	my.exe	32

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\my.exe	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe
File opened for modification	C:\Windows\my.exe	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2956	2776	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe	31
PID 2776 wrote to memory of 2956	2776	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe	31
PID 2776 wrote to memory of 2956	2776	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe	31
PID 2776 wrote to memory of 2956	2776	49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe	31
PID 2788 wrote to memory of 2968	2788	my.exe	32
PID 2788 wrote to memory of 2968	2788	my.exe	32
PID 2788 wrote to memory of 2968	2788	my.exe	32
PID 2788 wrote to memory of 2968	2788	my.exe	32
PID 2788 wrote to memory of 2968	2788	my.exe	32
PID 2788 wrote to memory of 2968	2788	my.exe	32

C:\Users\Admin\AppData\Local\Temp\49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\49960db46d2f902de8850119ea4564fe_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\1666.bat
  2⤵
  - Deletes itself
  PID:2956

C:\Windows\my.exe
C:\Windows\my.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\system32\svchost.exe" 852
  2⤵
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1666.bat

Filesize
226B

MD5
ab830d30931f84f99cf3478116c7fef4

SHA1
be5a5a2e437774b8956e1ad8a66ef85f7136e3bf

SHA256
8a38d28165a2b61156076827e72e603e2bed17d7c5acda69f9a863c7a1c0b4cf

SHA512
702fa8304c508bf7ea3107fcd5a7b192869a88ee1d0714aae544c52dbc9ad0ebfba93a6e51fa5b6a980b3f33a9803be3de7ba837e21c278d4f29fb3271d5a069

Download Submit
C:\Windows\my.exe

Filesize
552KB

MD5
49960db46d2f902de8850119ea4564fe

SHA1
d86e1e61b9aa570315a3d28cdd640e9971ad2114

SHA256
3e58d57e31182dc76ddc9e4ca374623792fb4e118a9d7c67a203c43902a3a600

SHA512
436f64925159e07b0b40a43dff409531689124966527f131f86a9774c98ba38e585a4eb67c84f78a6ae299312c0d8c716e7ea38881cb0d0b37a5b50070f1bdc3

Download Submit
memory/2776-0-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2776-1-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2776-17-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2788-6-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2788-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2788-24-0x0000000000400000-0x0000000000491200-memory.dmp

Filesize
580KB

Download
memory/2968-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2968-22-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2968-20-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download