abab4575620aa466b3421de5ace347708d907b758ac4c06b55e9a2181d2b2908

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe
Size

190KB
MD5

5fab40e74f979c5d432e814d4f08f743
SHA1

ab71ff8a582529bde25ecb51332a093fdf9661e3
SHA256

abab4575620aa466b3421de5ace347708d907b758ac4c06b55e9a2181d2b2908
SHA512

6140210348bc7b0278253f12c463c56b77ba72ad1357e341c68ea0aa22d02aa848581388ca5735513e4e7fc1af97d3456deb3b11c0491afed0d52f54a24d20bb
SSDEEP

3072:D00boXeanH+6wZCkcC78L0QcI3ZMcbn35zl3WdCZDqPv:40sTe6pl0QcIj3WdC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4512	systen.exe
2004	ghoct.exe
4052	tongji.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4792	4512	WerFault.exe	84
3244	2004	WerFault.exe	91

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 4512	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	84
PID 3544 wrote to memory of 4512	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	84
PID 3544 wrote to memory of 4512	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	84
PID 3544 wrote to memory of 2004	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	91
PID 3544 wrote to memory of 2004	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	91
PID 3544 wrote to memory of 2004	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	91
PID 3544 wrote to memory of 4052	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	94
PID 3544 wrote to memory of 4052	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	94
PID 3544 wrote to memory of 4052	3544	5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe	94

C:\Users\Admin\AppData\Local\Temp\5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5fab40e74f979c5d432e814d4f08f743_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Users\Admin\AppData\Local\Temp\systen.exe
  "C:\Users\Admin\AppData\Local\Temp\systen.exe"
  2⤵
  - Executes dropped EXE
  PID:4512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 224
    3⤵
    - Program crash
    PID:4792
- C:\Users\Admin\AppData\Local\Temp\ghoct.exe
  "C:\Users\Admin\AppData\Local\Temp\ghoct.exe"
  2⤵
  - Executes dropped EXE
  PID:2004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 224
    3⤵
    - Program crash
    PID:3244
- C:\Users\Admin\AppData\Local\Temp\tongji.exe
  "C:\Users\Admin\AppData\Local\Temp\tongji.exe"
  2⤵
  - Executes dropped EXE
  PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4512 -ip 4512
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2004 -ip 2004
1⤵
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ghoct.exe

Filesize
39KB

MD5
62d3e446c9f2059a8f5d58038f248a2c

SHA1
b2da123d019771561b7f5d4715e29dc293af5bf8

SHA256
2b51b5fac70cd544702d14f8e4e2b0c1ff38e8eda369ac233fe43b3337078ace

SHA512
0613cd02b21e219b9359c444af343026da3005571a0274e329a537ed53d3e31bfbaa4513088b9f721525ffb7988b067c43c4b0eb78e0c3c39ecaf008a50c240f

Download Submit
C:\Users\Admin\AppData\Local\Temp\systen.exe

Filesize
28KB

MD5
b765850e13c385bd7f28081e4915078d

SHA1
2a8b1962562d4b9064b9518ff2bf0690011b56ed

SHA256
54e83640db164c035fa2a20f21fc523786fd174a0d1f667d6fb2b8acb3c8ecfe

SHA512
0614739324d7ba0c71a05d92eb7e55b810bf4b1f3daa5b79df7af0bde20a861480033fc48fd03cc9a39460a7579b013fc06ff78d0fd5cf418f586fd85b0180b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tongji.exe

Filesize
60KB

MD5
aee7c82b20524567d647a1a5a1602675

SHA1
6bd1740f6bc838a3c7d3fe508680244c7dd4f548

SHA256
35249fa6b7e70076fb486e4fe7b4e6d5c65acd6c6fbfcd5b904910c6ab56e683

SHA512
2090bc64410db331bf0a5faf2c3017b3a72277ad887e6778fca2f983050ce0f09d2cf970b755a8cf0d8629618ef444afad903991ca3ad005709f7f0421cc31d0

Download Submit
memory/2004-11-0x0000000000420000-0x000000000042C000-memory.dmp

Filesize
48KB

Download
memory/2004-14-0x0000000000420000-0x000000000042C000-memory.dmp

Filesize
48KB

Download
memory/4052-19-0x0000000013150000-0x0000000013164000-memory.dmp

Filesize
80KB

Download
memory/4512-5-0x0000000000420000-0x0000000000428000-memory.dmp

Filesize
32KB

Download
memory/4512-6-0x0000000000421000-0x0000000000428000-memory.dmp

Filesize
28KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads