249aff741b6ef7a838aad73d7c942568f6e974e57ad5d0ab9869e4bb2f6247c0

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe
Size

244KB
MD5

4b1a030f8790a4ede78391450bbccc1b
SHA1

3f64f8d3ca31cac9210fbd01a81f4e84dda30773
SHA256

249aff741b6ef7a838aad73d7c942568f6e974e57ad5d0ab9869e4bb2f6247c0
SHA512

4c70609b6c3be076f558365ed15fe204203dbad1b7c73b828452edbe0eaf7821c0901bafcc15478721f7737ea08dd2e21cbc5d77ded9493e8e03909502551ff4
SSDEEP

6144:OVV8/Fkoi3ZdsUlBA6hRZ3kE8fVhGQnq5VNe+BzumjSfq:cCkr3ZdsUlBAmgt2fNe+AmjUq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2108	newclscfg.exe

Loads dropped DLL 6 IoCs

pid	Process
2528	4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe
2388	rundll32.exe
2388	rundll32.exe
2388	rundll32.exe
2388	rundll32.exe
2388	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2108	2528	4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe	30
PID 2528 wrote to memory of 2108	2528	4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe	30
PID 2528 wrote to memory of 2108	2528	4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe	30
PID 2528 wrote to memory of 2108	2528	4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe	30
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31
PID 2108 wrote to memory of 2388	2108	newclscfg.exe	31

C:\Users\Admin\AppData\Local\Temp\4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4b1a030f8790a4ede78391450bbccc1b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Roaming\newclscfg\newclscfg.exe
  C:\Users\Admin\AppData\Roaming\newclscfg\newclscfg.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Roaming\NEWCLS~1\NEWCLS~1.DLL 000
    3⤵
    - Loads dropped DLL
    PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\NEWCLS~1\NEWCLS~1.DLL

Filesize
233KB

MD5
e73110a00dc65b7d3f2d99e58d6c3a83

SHA1
ba40c0886976f592dfba8941e6344306a9a3e916

SHA256
e50956a66c0fe43d254ece8844079124785c8d8179fab431fda955faefd2a0b9

SHA512
d57bf8605482df14fb3a160ef56829003232f9e56aa2c277cfe28d3f7547c132c42da8e4835956cbf4f5bc25eef12b396499cfee877efb4b3668a349db2ba8f7

Download Submit
\Users\Admin\AppData\Roaming\NEWCLS~1\trtdqkhjnhjjf.dll

Filesize
160KB

MD5
a754368da27a6a0ec497398038789d67

SHA1
f76448ecbe50506df3a111f89dbff1d516c1d964

SHA256
b62bcb44b2cde3da727f589033f06ce84f2392b8515b0e74e10961aa2b23861a

SHA512
8f4875a6799c96c332904df5df244ed53a6bde1c023aaf6cc56af003bfd6f6a3daf597861fa350413257a7b755983246fd5b39cff151da69d5ef3b1480b4317d

Download Submit
\Users\Admin\AppData\Roaming\newclscfg\newclscfg.exe

Filesize
244KB

MD5
4b1a030f8790a4ede78391450bbccc1b

SHA1
3f64f8d3ca31cac9210fbd01a81f4e84dda30773

SHA256
249aff741b6ef7a838aad73d7c942568f6e974e57ad5d0ab9869e4bb2f6247c0

SHA512
4c70609b6c3be076f558365ed15fe204203dbad1b7c73b828452edbe0eaf7821c0901bafcc15478721f7737ea08dd2e21cbc5d77ded9493e8e03909502551ff4

Download Submit
memory/2108-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2108-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2388-26-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-24-0x0000000000200000-0x000000000022A000-memory.dmp

Filesize
168KB

Download
memory/2388-31-0x0000000000200000-0x000000000022A000-memory.dmp

Filesize
168KB

Download
memory/2388-30-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-29-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2388-28-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2388-27-0x0000000010043000-0x0000000010044000-memory.dmp

Filesize
4KB

Download
memory/2388-33-0x0000000000200000-0x000000000022A000-memory.dmp

Filesize
168KB

Download
memory/2388-32-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-17-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-25-0x0000000000200000-0x000000000022A000-memory.dmp

Filesize
168KB

Download
memory/2388-21-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-19-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2388-18-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download
memory/2528-2-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2528-6-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2528-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads