1f991e6d754aa99415dab6c3700ccf674dab7c9106ff8a737a056f2a34bece66

General

Target

5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe
Size

566KB
MD5

5f3af2b7dc7239ae71ffb918e68926bc
SHA1

2f8d2b4e78678dcdb53bd0c0de90dcd52d5b665a
SHA256

1f991e6d754aa99415dab6c3700ccf674dab7c9106ff8a737a056f2a34bece66
SHA512

8e89da572aa910812848c3e1ce21eacc5a9c91a8891eb78abed5b56894d89318d741b7cec834ccbba6e8c66e0b6ef1fb86f0b8f7e6d1fc76d5c9f0fc207a2adb
SSDEEP

12288:xq37+gtJKn+y/w7rEJUryEnF3Z4mxxRDf8pJ/AN8kXUvX2V3uO0A/0:w+n/w73uaQmXRDf8pJ4NfH3uO05

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4080	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4080 set thread context of 2236	4080	svchost.exe	89

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\systom32\svchost.exe	5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe
File opened for modification	C:\Windows\systom32\svchost.exe	5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2464	2236	WerFault.exe	89

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 4784	4176	5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe	88
PID 4176 wrote to memory of 4784	4176	5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe	88
PID 4176 wrote to memory of 4784	4176	5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe	88
PID 4080 wrote to memory of 2236	4080	svchost.exe	89
PID 4080 wrote to memory of 2236	4080	svchost.exe	89
PID 4080 wrote to memory of 2236	4080	svchost.exe	89
PID 4080 wrote to memory of 2236	4080	svchost.exe	89
PID 4080 wrote to memory of 2236	4080	svchost.exe	89

C:\Users\Admin\AppData\Local\Temp\5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5f3af2b7dc7239ae71ffb918e68926bc_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\7145.bat
  2⤵
  PID:4784

C:\Windows\systom32\svchost.exe
C:\Windows\systom32\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\system32\svchost.exe" 12345
  2⤵
  PID:2236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 12
    3⤵
    - Program crash
    PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2236 -ip 2236
1⤵
PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7145.bat

Filesize
226B

MD5
2b7b3a3ff4c2337ebbe350ce50b4439b

SHA1
1b177bf2899687cb4a9601c7c4f81e57af635cb0

SHA256
ba666b7794186beb3d6d30c49f1ebe0124ff34eb1850d6082b02ecfec752046e

SHA512
3d28bbbd493bf37d539c77080f21eb823d7adce34a6100a9231171f5250b379a678caced147f26d1b2cac9c398734970268c9a42b8e42eb06c95e254fd3eb832

Download Submit
C:\Windows\systom32\svchost.exe

Filesize
566KB

MD5
5f3af2b7dc7239ae71ffb918e68926bc

SHA1
2f8d2b4e78678dcdb53bd0c0de90dcd52d5b665a

SHA256
1f991e6d754aa99415dab6c3700ccf674dab7c9106ff8a737a056f2a34bece66

SHA512
8e89da572aa910812848c3e1ce21eacc5a9c91a8891eb78abed5b56894d89318d741b7cec834ccbba6e8c66e0b6ef1fb86f0b8f7e6d1fc76d5c9f0fc207a2adb

Download Submit
memory/2236-38-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4080-43-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4176-26-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4176-23-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4176-2-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/4176-8-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/4176-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4176-6-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/4176-10-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/4176-11-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4176-14-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4176-13-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4176-12-0x0000000003480000-0x0000000003482000-memory.dmp

Filesize
8KB

Download
memory/4176-16-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4176-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4176-25-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4176-24-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4176-3-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/4176-22-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4176-21-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4176-28-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4176-27-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/4176-20-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4176-19-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4176-18-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4176-17-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4176-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4176-4-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/4176-5-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/4176-40-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4176-41-0x00000000022E0000-0x0000000002334000-memory.dmp

Filesize
336KB

Download
memory/4176-9-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/4176-1-0x00000000022E0000-0x0000000002334000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads