Analysis

- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 21/07/2024, 12:50

Static task: static1

Behavioral task: behavioral1
- Sample: 609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: 609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General

- Target: 609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
- Size: 3.2MB
- MD5: 609c296b5c36c931a6c06c71fa31428a
- SHA1: 0ce13978043c0ef63c9865e716376722e61b0ac7
- SHA256: 7c0455ebbfd2599059825ed0b9e9802c3cc24201b619391fcea5c88c5c0ec736
- SHA512: b002cfb90828354719dcc09fbc16c700dd3b8ee84edb33aa3ce4f49f00bfaf1858ae2be3e74909354c234d4d7bc290bb314545ab69e9c09a0da6923cd48fe641
- SSDEEP: 24576:lYIIsFVgLPnCQ7f417jo89+0adimzvuv3lTpn6hHBQAwNaDHh:kI9aKvn63wNaDB
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
- PID 4836, explorer.exe
- PID 4576, explorer.exe

Loads dropped DLL (2 IoCs)
- PID 4752, 609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
- PID 4836, explorer.exe

Suspicious use of SetThreadContext (2 IoCs)
- PID 2060 (609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe) set thread context of PID 4752, procid_target 30
- PID 4836 (explorer.exe) set thread context of PID 4576, procid_target 32

Suspicious behavior: EnumeratesProcesses (6 IoCs)
- PID 4752, 609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe (2 events)
- PID 4576, explorer.exe (4 events)

Suspicious use of WriteProcessMemory (28 IoCs)
- PID 2060 (609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe) wrote to memory of PID 4752, procid_target 30 (10 events)
- PID 4752 (609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe) wrote to memory of PID 4836, procid_target 31 (4 events)
- PID 4836 (explorer.exe) wrote to memory of PID 4576, procid_target 32 (10 events)
- PID 4576 (explorer.exe) wrote to memory of PID 4820, procid_target 33 (4 events)
Processes

1. C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe"
   PID: 2060
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\609c296b5c36c931a6c06c71fa31428a_JaffaCakes118.exe"
      PID: 4752
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory

      3. C:\Users\Admin\AppData\Local\Temp\explorer.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\explorer.exe" 1
         PID: 4836
         - Executes dropped EXE
         - Loads dropped DLL
         - Suspicious use of SetThreadContext
         - Suspicious use of WriteProcessMemory

         4. C:\Users\Admin\AppData\Local\Temp\explorer.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\explorer.exe" 1
            PID: 4576
            - Executes dropped EXE
            - Suspicious behavior: EnumeratesProcesses
            - Suspicious use of WriteProcessMemory

            5. C:\Windows\SysWOW64\cmd.exe
               Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\3661.bat"
               PID: 4820
Network
MITRE ATT&CK Matrix
Downloads