Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/07/2024, 12:50

General

  • Target

    609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe

  • Size

    3.2MB

  • MD5

    609c296b5c36c931a6c06c71fa31428a

  • SHA1

    0ce13978043c0ef63c9865e716376722e61b0ac7

  • SHA256

    7c0455ebbfd2599059825ed0b9e9802c3cc24201b619391fcea5c88c5c0ec736

  • SHA512

    b002cfb90828354719dcc09fbc16c700dd3b8ee84edb33aa3ce4f49f00bfaf1858ae2be3e74909354c234d4d7bc290bb314545ab69e9c09a0da6923cd48fe641

  • SSDEEP

    24576:lYIIsFVgLPnCQ7f417jo89+0adimzvuv3lTpn6hHBQAwNaDHh:kI9aKvn63wNaDB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4752
      • C:\Users\Admin\AppData\Local\Temp\explorer.exe
        "C:\Users\Admin\AppData\Local\Temp\explorer.exe" 1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4836
        • C:\Users\Admin\AppData\Local\Temp\explorer.exe
          "C:\Users\Admin\AppData\Local\Temp\explorer.exe" 1
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4576
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c "C:\Users\Admin\AppData\Local\Temp\3661.bat"
            5⤵
              PID:4820
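The process tree above, read together with the per-process signatures, has a shape worth checking mechanically rather than by eye: the parent at each hop calls SetThreadContext and WriteProcessMemory, the sandbox then dumps memory out of the child it created, and the second stage is a copy of the sample renamed explorer.exe in %TEMP% (same SHA256 as the submitted file in the Downloads section). The script below is an added triage example, not part of the sandbox report or its tooling. It transcribes a subset of the report's data (process tree, memory-dump counts as listed on this page, five of the dropped files) into records of its own layout; the shortened signature names, the system-binary allow-list and the ATT&CK mapping to T1055.012 (Process Hollowing) are this example's assumptions.

```python
"""Triage helper: correlate a sandbox report's behaviour signatures, process tree
and dropped-file hashes into findings a responder can act on.

Added example, not part of the sandbox report. The records below are transcribed
from the report on this page; the record layout, the signature short names, the
system-binary list and the scoring rules are this example's own assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from collections import defaultdict
import ntpath


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: int | None
    image: str
    sigs: frozenset        # behaviour signatures the sandbox attached to this PID
    mem_dumps: int = 0     # memory regions the sandbox dumped from this PID


@dataclass(frozen=True)
class Dropped:
    path: str
    size: int
    sha256: str


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe"
SAMPLE_SHA256 = "7c0455ebbfd2599059825ed0b9e9802c3cc24201b619391fcea5c88c5c0ec736"
TEMP_EXPLORER = r"C:\Users\Admin\AppData\Local\Temp\explorer.exe"

# Process tree as reported; signature names shortened from the report's wording.
PROCS = [
    Proc(2060, None, SAMPLE, frozenset({"SetThreadContext", "WriteProcessMemory"})),
    Proc(4752, 2060, SAMPLE, frozenset({"LoadsDroppedDLL", "EnumeratesProcesses", "WriteProcessMemory"}), mem_dumps=10),
    Proc(4836, 4752, TEMP_EXPLORER, frozenset({"ExecutesDroppedEXE", "LoadsDroppedDLL", "SetThreadContext", "WriteProcessMemory"})),
    Proc(4576, 4836, TEMP_EXPLORER, frozenset({"ExecutesDroppedEXE", "EnumeratesProcesses", "WriteProcessMemory"}), mem_dumps=3),
    Proc(4820, 4576, r"C:\Windows\SysWOW64\cmd.exe", frozenset()),
]

# Subset of the Downloads section (three of the ~9A.tmp captures are included).
DROPPED = [
    Dropped(r"C:\Users\Admin\AppData\Local\Temp\3661.bat", 182, "b21d68aef8772dfc8887f4b81549fda5ac6bc1d18decfe3ca9e0022c55a9eb59"),
    Dropped(r"C:\Users\Admin\AppData\Local\Temp\~9A.tmp", 16, "a82657deb304ff6f46bd499037bb255fb6b9535d36eba7a63f3b29a987ad0282"),
    Dropped(r"C:\Users\Admin\AppData\Local\Temp\~9A.tmp", 16, "df937921448a3ee575454372b6f869704a4c2db459c50d983233c02f8ee5591e"),
    Dropped(r"C:\Users\Admin\AppData\Local\Temp\~9A.tmp", 16, "1c6121f8198c80ae37598bf484f709596790c80e6abecbf85dddd4a6b87e8a27"),
    Dropped(r"\Users\Admin\AppData\Local\Temp\explorer.exe", 3_200_000, SAMPLE_SHA256),
]

# Binary names that are only legitimate under %SystemRoot% (assumed allow-list).
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def self_copies(dropped, sample_sha256=SAMPLE_SHA256):
    """Dropped files byte-identical to the submitted sample (copy-and-rename)."""
    return [d.path for d in dropped if d.sha256 == sample_sha256]


def hollowing_candidates(procs):
    """(parent, child) pairs with the process-hollowing shape (ATT&CK T1055.012):
    the parent used SetThreadContext and WriteProcessMemory, and the sandbox
    dumped memory out of the child that parent created."""
    by_pid = {p.pid: p for p in procs}
    pairs = []
    for child in procs:
        parent = by_pid.get(child.parent)
        if parent and {"SetThreadContext", "WriteProcessMemory"} <= parent.sigs and child.mem_dumps:
            pairs.append((parent.pid, child.pid))
    return pairs


def masquerading(procs):
    """PIDs whose image name is a Windows system binary but whose path is not under C:\\Windows."""
    hits = []
    for p in procs:
        name = ntpath.basename(p.image).lower()
        if name in SYSTEM_BINARIES and not p.image.lower().startswith("c:\\windows\\"):
            hits.append(p.pid)
    return hits


def rewritten_paths(dropped):
    """Paths captured with more than one distinct content hash during the run."""
    hashes = defaultdict(set)
    for d in dropped:
        hashes[d.path].add(d.sha256)
    return {path: len(h) for path, h in hashes.items() if len(h) > 1}


def findings(procs=PROCS, dropped=DROPPED):
    """Flat, stable-ordered list of finding strings for a ticket or a SIEM note."""
    out = []
    for path in self_copies(dropped):
        out.append(f"dropped {path} is byte-identical to the sample (sha256 {SAMPLE_SHA256[:12]}...)")
    for parent, child in hollowing_candidates(procs):
        out.append(f"hollowing shape: PID {parent} -> PID {child} (SetThreadContext+WriteProcessMemory, child memory dumped)")
    for pid in masquerading(procs):
        out.append(f"PID {pid} runs a system-binary name from a user-writable path")
    for path, n in rewritten_paths(dropped).items():
        out.append(f"{path} rewritten during the run: {n} distinct contents captured")
    return out


if __name__ == "__main__":
    for line in findings():
        print(line)
```

The hollowing check is a heuristic over sandbox signatures, not proof: SetThreadContext plus WriteProcessMemory on a freshly created child is the shape of hollowing, but a packer that unpacks itself in a second instance produces the same signals. The confirming step is to take one of the dumps the report lists for the child (PID 4752 or 4576, 0x400000-0x494000, 592KB) and compare its PE headers and sections against the 3.2MB file on disk; a mapped image that differs from the on-disk one at the same base is the evidence the signatures alone cannot give.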

Network

MITRE ATT&CK Matrix

Downloads

          • C:\Users\Admin\AppData\Local\Temp\3661.bat

            Filesize

            182B

            MD5

            3e4c6c1568319be773c45435c56fcd92

            SHA1

            766f669f63c18010bf1f311f47c827f7c0f15626

            SHA256

            b21d68aef8772dfc8887f4b81549fda5ac6bc1d18decfe3ca9e0022c55a9eb59

            SHA512

            ae481b08616ab9014fda67a6191da371d0448ab3b84d899e85f0674e664482d8388fffe431d45d300dcec0deb3845f3a8d7f8fb1f3f9d12376abf6529d601b5b

          • C:\Users\Admin\AppData\Local\Temp\~2A6.tmp

            Filesize

            16B

            MD5

            1ef1a3c174aa25a0b798370f3af74f5a

            SHA1

            d9d448ace64e0c255972fabc8f968a449de9aa7c

            SHA256

            8adaf0dd21c84dc9c58e1a5b89f3d6098e519590cd8b1b2889789df23f970a9f

            SHA512

            6f44c49229473b7c39e02c697db3ccd37a40490ef9f56db1d77124a010216403d446fb21b8be34705b911da8f16ea1237f2a28908096f1f94f94384ea831c005

          • C:\Users\Admin\AppData\Local\Temp\~393.tmp

            Filesize

            16B

            MD5

            ca1fd51a868cf402bb516bbf618a84bc

            SHA1

            7ed8a5b68b07562ea5ac9d3a9040e789431617ef

            SHA256

            26ce6b8cbe64f366e0c49c5f114fb5c1fe691f7ea2bb65506647607187cb5bd9

            SHA512

            76ebfef6ee7aa944080fd2d3f281c135d12be53a5b8c98b2d4a30df732562b74397ae63752cae926ff03661b8d32d28b26a67c868d60dadd9835a5967cca41a8

          • C:\Users\Admin\AppData\Local\Temp\~3E0.tmp

            Filesize

            16B

            MD5

            ed0a81a5268acb87ec85acf71c10b26e

            SHA1

            91e4b51b578b934de8c00909b2e7d2f341bcd81a

            SHA256

            b3df1dcb060413e968a16d186f73a10b05c2d56eef6eb73ef4def37762aed913

            SHA512

            f9f72f9f1ed3cb4bd46aa2788ffa72bd5e6def0e06edd89833eb7c7978d5e9c774ae0164c2809db8278180fef56d8eaef8321c1d4e22dd5d15a9ea4295702c34

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            53c6ac3623a1be1d5e23726a56c52087

            SHA1

            3cdc4c6a1037839d9e2ed921ac7f80931a36031e

            SHA256

            a82657deb304ff6f46bd499037bb255fb6b9535d36eba7a63f3b29a987ad0282

            SHA512

            270fbc38218e43c6bb75fc71f57267f7ff45be2c9ebdfd74cc76553e86aae59a8e0e2d36ea7b6d5f07cdc4c88c1981d8ec3d7ea31336130f7c3d95e480e5c078

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            1c8d086b3ae07f10cc4c5bf02f38abb3

            SHA1

            905ade46546c7021923d22db3be71776034a3f54

            SHA256

            df937921448a3ee575454372b6f869704a4c2db459c50d983233c02f8ee5591e

            SHA512

            23e15817994014b019c455114114a353967fe438df6f6952129f5c56ea1eaa18f0703eae0aaea0b334ade7d00f21ff1fc1070059a8b8c3b0e52990eefb4a6ecf

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            1c96364f98c9b0b161ff5b0e314fbdc7

            SHA1

            6ea7d4a0b3ccfb324b897e9e5590b20004dffeed

            SHA256

            1c6121f8198c80ae37598bf484f709596790c80e6abecbf85dddd4a6b87e8a27

            SHA512

            4b596f6bf32ade6626f7f203ac50118c888930dda09840d26190a67c56ac8ad81785bf980dd04800f5cd81cc12352917d05538ea32f73e7b68e9c96fb6cef023

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            d5e277eb5bf1f61b153a660fba11b03d

            SHA1

            f7a4a32bce070ccf6c651b1800630e3cb5218a18

            SHA256

            f534de82822d36b0c92c95086f0173825852420e5fd18e71d46fe1b56e47be33

            SHA512

            0df9d5a2c868868c8f2ce32290b1dc71c0beaa731bac7d3807b85119ad8212fcfc67f56f2611bf06d6a615cc071e41c2fe320ebd8596fbe815acda5d898df604

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            cd9533739ede30726ff6732246160168

            SHA1

            51c239ef78ea62f5ee2f8d13bbbddd1d35287ccb

            SHA256

            6c143162adf9d143cfba8be2230ddbf53f2501033e1da9d630df068ec44ea098

            SHA512

            ee9dd37819d0ba3db8ada92f809e3eba04c1374cfdca7eeebbc05cee6ef95db9ee3be1b2de30cc91e8cfb0631af6727edada8f93760a2142ffa1cb8496249539

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            3fe77295e03ace0ca3cf3ca85dccedba

            SHA1

            0cd49836a79f0982a290bca20fddde89057d147c

            SHA256

            0fe745355cdd00f12473a94dfe151a65d347cb2849aa477a55a3d6ad82e598d6

            SHA512

            4e8be9d45b86a603aeaa181b65bafdf3060bac33baedf5a40560417bbd0191f5932b5589582223371ebfbf6a67560315508303a4603d9dd99e6cff03fbffb40f

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            63d3ec1684434a2d7b4056cf67982019

            SHA1

            2bd149dd2941c018b83d2f3ebf42dbbf1be086ca

            SHA256

            684563e06600adf719edd46e5bbc21b4c44c9b687eca2d23e6ca18000b7dbdee

            SHA512

            c6c3f47d987e3fd5ef6d5b4f5087589e873000eb76030d7a0901050c49f2753c73157028c92e3da3890a4db221e2429fe81b60091aa611c4b35de42fb6f7dbdb

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            c82d89b7dcf2c84a03d0c06eef68ce1a

            SHA1

            17047b9f77d465a0b60e9b7fb1344b7f0737a5f4

            SHA256

            25a0510f92de7aaf5526c5fae2914db27634872b923229dda83655cdebfa0e1e

            SHA512

            35b873a5f77548143989e213878a6c6a6a13f66d6ee3297293cb0b1ccf45f3c71d513a588426622a60b4ce1a061233a7d71f5249de1289a353483f4c207fbc35

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            5f5ae5d90843643fcfc00f0c26469858

            SHA1

            2419156e3314547c3fb04dacd003f88c0d04f324

            SHA256

            38f6f7e5bc476a40a2294c9346a2372c63fbe3e3a97e49fe3dbac7d7c790b498

            SHA512

            9969e33adf234a3d0a52d65cb16e0d698d9ded5a7a2578b5e9824a32111f4e653cc4aa88816b513eabbc5b3602c2d6ae2ea8994d6ffb56bd59d64d90824a7771

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            a34722773f53e16a25689e987329c868

            SHA1

            7705be135b579d84baba40fb70926e62be189078

            SHA256

            6239ab0d54e9cd7d80332594c70f72b74a7de5e01de5730d149b3b2116cba18d

            SHA512

            5e092f2f3ed8e126156c9538861f1a527c97dc9ba9c5c7e6f5d7b20761041f475bdc3ee896ae28a52a2dfa9883523e9e8fdb685159942187ef6c0c728e1c8e47

          • C:\Users\Admin\AppData\Local\Temp\~9A.tmp

            Filesize

            16B

            MD5

            2e623bd70ff3de0d38d36454646e18cd

            SHA1

            e27becc0b0f5e0cd154683b9b0e91ad60e4cb957

            SHA256

            e459b8bca3991ad78f50d23acac7235b7da35978a2f934d3fc4dd8559f096f7d

            SHA512

            f4472e3aebd0711592794f7f87cbcc6fada55f4009e9c9de60b067d136d8f8f2e8126592cfd94d046077173c73ed55ce54d37779e7058988739ac93a90384228

          • \Users\Admin\AppData\Local\Temp\explorer.exe

            Filesize

            3.2MB

            MD5

            609c296b5c36c931a6c06c71fa31428a

            SHA1

            0ce13978043c0ef63c9865e716376722e61b0ac7

            SHA256

            7c0455ebbfd2599059825ed0b9e9802c3cc24201b619391fcea5c88c5c0ec736

            SHA512

            b002cfb90828354719dcc09fbc16c700dd3b8ee84edb33aa3ce4f49f00bfaf1858ae2be3e74909354c234d4d7bc290bb314545ab69e9c09a0da6923cd48fe641

          • memory/4576-1676-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4576-1665-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4576-1661-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-818-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-817-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-814-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-812-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-810-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-823-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-1664-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-820-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-809-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB

          • memory/4752-822-0x0000000000400000-0x0000000000494000-memory.dmp

            Filesize

            592KB