e54e61bd605c196dcbef3e3c6b99530d0481ae0930fb26a7b7ff5139ae8af568

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe
Size

591KB
MD5

5c4284c546325e0e8dd3d85c629392b3
SHA1

62dc874deefce86f0a4c40d6be67e3d0d21018eb
SHA256

e54e61bd605c196dcbef3e3c6b99530d0481ae0930fb26a7b7ff5139ae8af568
SHA512

61e371a2c72a9e6d678ab3155c8043e138f4439d91f38400e49e2b53e52196acdbdd570d87cfa308c6a9ca42ce2399fbc7748043cf283a3d39268dbb6f662275
SSDEEP

12288:aDTkcfuqYfjqTfEJOMlfD0ZI423TIF3Z4mxx/Q7zpT5ZYR8oHe5qD:aDTpfuJbqTEO8D8h23cQmX/oTJoHr

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2552	G_Telnet

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\G_Telnet	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe
File opened for modification	C:\Windows\G_Telnet	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe
File created	C:\Windows\Delete.bat	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties	G_Telnet
Set value (int)	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel = "1"	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\System	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	G_Telnet
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control	G_Telnet

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2552	G_Telnet

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 320	2552	G_Telnet	31
PID 2552 wrote to memory of 320	2552	G_Telnet	31
PID 2552 wrote to memory of 320	2552	G_Telnet	31
PID 2552 wrote to memory of 320	2552	G_Telnet	31
PID 2624 wrote to memory of 2296	2624	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2296	2624	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2296	2624	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2296	2624	5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5c4284c546325e0e8dd3d85c629392b3_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\Delete.bat
  2⤵
  - Deletes itself
  PID:2296

C:\Windows\G_Telnet
C:\Windows\G_Telnet
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.bat

Filesize
214B

MD5
bf7df97fc9415d6d77974a1a464f0b09

SHA1
418f37ba14c989d40c56ec9c041e2bd6cc8c79e7

SHA256
1bb7bcb6f1cf499c11872623070454f3e7e7b0945178416e80d2d50090c32dbc

SHA512
80d44b653c3d8163a16b5f6105aab9dbe3f9b7e25a13d9dd05cd132eab7d76e8f56e59a0c654e743643199852d7a216fda4076b6c6d4b9fda1be1fee81c59c5f

Download Submit
C:\Windows\G_Telnet

Filesize
591KB

MD5
5c4284c546325e0e8dd3d85c629392b3

SHA1
62dc874deefce86f0a4c40d6be67e3d0d21018eb

SHA256
e54e61bd605c196dcbef3e3c6b99530d0481ae0930fb26a7b7ff5139ae8af568

SHA512
61e371a2c72a9e6d678ab3155c8043e138f4439d91f38400e49e2b53e52196acdbdd570d87cfa308c6a9ca42ce2399fbc7748043cf283a3d39268dbb6f662275

Download Submit
memory/2552-71-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2552-84-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2624-0-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2624-8-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2624-11-0x0000000003300000-0x000000000339A000-memory.dmp

Filesize
616KB

Download
memory/2624-10-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2624-9-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/2624-7-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/2624-6-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2624-5-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2624-4-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2624-3-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2624-2-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/2624-1-0x0000000001DD0000-0x0000000001E24000-memory.dmp

Filesize
336KB

Download
memory/2624-14-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-15-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-16-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-17-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-23-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-22-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-21-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-20-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-19-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-18-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-35-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-34-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-33-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-32-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-31-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-30-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-29-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-28-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-27-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-26-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-25-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-24-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-61-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-69-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-68-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-67-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-66-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-65-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-64-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-63-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-62-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-60-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-59-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-58-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-82-0x0000000001DD0000-0x0000000001E24000-memory.dmp

Filesize
336KB

Download
memory/2624-81-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2624-57-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-56-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-55-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-54-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-53-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-52-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-51-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-50-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-49-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-48-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-47-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-46-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-45-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-44-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-43-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-42-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-41-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-40-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-39-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-38-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-37-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download
memory/2624-36-0x0000000003300000-0x0000000003400000-memory.dmp

Filesize
1024KB

Download