d69793fe1bd22858c843aa1bbb0e81af4a975052879573c83dfabac880a6a5c5

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe
Size

1.3MB
MD5

62a41fca40ee80d30e107317b16244f1
SHA1

edb980023e5b01a3f2c1cf88bacbc58d20780578
SHA256

d69793fe1bd22858c843aa1bbb0e81af4a975052879573c83dfabac880a6a5c5
SHA512

dc9f8d6eddd1cf18c0d978f91db59178c3c59dac3171aa04bcc88eb25f3a9660c695ec92bc1a763fa3f3c425542f427977f7dff64b375ffd1147404815b82404
SSDEEP

12288:m77q+u770+a77e++77j+s77r+T77c+R77:mfq+uf0+afe++fj+sfr+Tfc+Rf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
3044	x.exe
2692	flas.exe
2472	flasdf.exe
2900	flasd.exe
2336	flas.exe
2752	fla.exe
2876	fl.exe
2764	asdfghhg.exe
2448	asfs.exe
2516	aaaa.exe
2920	ffa.exe
2820	flash.exe
2720	aflash-player.exe

Loads dropped DLL 14 IoCs

pid	Process
1968	62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe
3044	x.exe
2692	flas.exe
2472	flasdf.exe
2900	flasd.exe
2336	flas.exe
2752	fla.exe
2876	fl.exe
2764	asdfghhg.exe
2448	asfs.exe
2516	aaaa.exe
2920	ffa.exe
2820	flash.exe
2820	flash.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3044	1968	62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe	31
PID 1968 wrote to memory of 3044	1968	62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe	31
PID 1968 wrote to memory of 3044	1968	62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe	31
PID 1968 wrote to memory of 3044	1968	62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe	31
PID 3044 wrote to memory of 2692	3044	x.exe	32
PID 3044 wrote to memory of 2692	3044	x.exe	32
PID 3044 wrote to memory of 2692	3044	x.exe	32
PID 3044 wrote to memory of 2692	3044	x.exe	32
PID 2692 wrote to memory of 2472	2692	flas.exe	33
PID 2692 wrote to memory of 2472	2692	flas.exe	33
PID 2692 wrote to memory of 2472	2692	flas.exe	33
PID 2692 wrote to memory of 2472	2692	flas.exe	33
PID 2472 wrote to memory of 2900	2472	flasdf.exe	34
PID 2472 wrote to memory of 2900	2472	flasdf.exe	34
PID 2472 wrote to memory of 2900	2472	flasdf.exe	34
PID 2472 wrote to memory of 2900	2472	flasdf.exe	34
PID 2900 wrote to memory of 2336	2900	flasd.exe	35
PID 2900 wrote to memory of 2336	2900	flasd.exe	35
PID 2900 wrote to memory of 2336	2900	flasd.exe	35
PID 2900 wrote to memory of 2336	2900	flasd.exe	35
PID 2336 wrote to memory of 2752	2336	flas.exe	36
PID 2336 wrote to memory of 2752	2336	flas.exe	36
PID 2336 wrote to memory of 2752	2336	flas.exe	36
PID 2336 wrote to memory of 2752	2336	flas.exe	36
PID 2752 wrote to memory of 2876	2752	fla.exe	37
PID 2752 wrote to memory of 2876	2752	fla.exe	37
PID 2752 wrote to memory of 2876	2752	fla.exe	37
PID 2752 wrote to memory of 2876	2752	fla.exe	37
PID 2876 wrote to memory of 2764	2876	fl.exe	38
PID 2876 wrote to memory of 2764	2876	fl.exe	38
PID 2876 wrote to memory of 2764	2876	fl.exe	38
PID 2876 wrote to memory of 2764	2876	fl.exe	38
PID 2764 wrote to memory of 2448	2764	asdfghhg.exe	39
PID 2764 wrote to memory of 2448	2764	asdfghhg.exe	39
PID 2764 wrote to memory of 2448	2764	asdfghhg.exe	39
PID 2764 wrote to memory of 2448	2764	asdfghhg.exe	39
PID 2448 wrote to memory of 2516	2448	asfs.exe	40
PID 2448 wrote to memory of 2516	2448	asfs.exe	40
PID 2448 wrote to memory of 2516	2448	asfs.exe	40
PID 2448 wrote to memory of 2516	2448	asfs.exe	40
PID 2516 wrote to memory of 2920	2516	aaaa.exe	41
PID 2516 wrote to memory of 2920	2516	aaaa.exe	41
PID 2516 wrote to memory of 2920	2516	aaaa.exe	41
PID 2516 wrote to memory of 2920	2516	aaaa.exe	41
PID 2920 wrote to memory of 2820	2920	ffa.exe	42
PID 2920 wrote to memory of 2820	2920	ffa.exe	42
PID 2920 wrote to memory of 2820	2920	ffa.exe	42
PID 2920 wrote to memory of 2820	2920	ffa.exe	42
PID 2820 wrote to memory of 2720	2820	flash.exe	43
PID 2820 wrote to memory of 2720	2820	flash.exe	43
PID 2820 wrote to memory of 2720	2820	flash.exe	43
PID 2820 wrote to memory of 2720	2820	flash.exe	43

C:\Users\Admin\AppData\Local\Temp\62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\62a41fca40ee80d30e107317b16244f1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\x.exe
  "C:\Users\Admin\AppData\Local\Temp\x.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\flas.exe
    "C:\Users\Admin\AppData\Local\Temp\flas.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\flasdf.exe
      "C:\Users\Admin\AppData\Local\Temp\flasdf.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\flasd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\flasd.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\flas.exe
        
        "C:\Users\Admin\AppData\Local\Temp\flas.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\fla.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fla.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\fl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fl.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\asdfghhg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\asdfghhg.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\asfs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\asfs.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\aaaa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aaaa.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\ffa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ffa.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\flash.exe
        
        "C:\Users\Admin\AppData\Local\Temp\flash.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\aflash-player.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aflash-player.exe"
        14⤵
        Executes dropped EXE
        
        PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aaaa.exe

Filesize
318KB

MD5
ca27e2fcdc89f1d6ddb13d489e63d579

SHA1
0c168a582c5d8b6033a2b32dc546c8f610e8f775

SHA256
a9d5e7bae3a4d1547222491820bf0dfbcc642f3758d1f5da137f1689eb457029

SHA512
fa4d8002ece79068f3f453ecbc88c4c97b12c5f5a094eb006e263264be0cd6ed3181a0334dda1a196cb79d93f443c9073a09fc019e06cf227eadd2ca3970f433

Download Submit
C:\Users\Admin\AppData\Local\Temp\aflash-player.exe

Filesize
7KB

MD5
a455ca431e66975d886f1a8cfee8cb9f

SHA1
95868529973c77199b76ec593a686d9b324dee8b

SHA256
6bba0b8d8bf03ba15828c53e72d83d766e44b3238b55ab75348d8ce93bfd0056

SHA512
53e0c4edf9d91ebdea04bfb343c568190eaaeb066bc6742262f1e5943d2b27c375e1eca483419ae8753138dc2131c9d3c7742812c16863689c3bb266057c0531

Download Submit
C:\Users\Admin\AppData\Local\Temp\asdfghhg.exe

Filesize
525KB

MD5
e4b41c3e9321333254565f7bb02d5512

SHA1
903a531bb6d19d7852d9d2ee31478859c76712ef

SHA256
c459f33e1ec43f96ffa350886cfb5bb784d263d79468278ab110f0a861f1cd76

SHA512
2a1a09c3b3668959453ef39736a0e769879a2d583aa895dd3669761935deb8e6c170c1bdc65488860d510dc54750302a23488abb53d130014037b6cf031d9b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\asfs.exe

Filesize
421KB

MD5
455c84c50c53080fbd668b8ab403aa39

SHA1
d39b0b946d2f7a8e254644b45a0f06b93f5fb24e

SHA256
d8c32bf8f110b3ebe50c24273478f077fdaa198655af8cc6bb9a41cf7379156e

SHA512
ebfe5ab80703e9ef089ae24a38ad5f4b9540c0c2d4bc6ce0555bd77df560efd628fdbfdc761f553c1a4a73ce57819e869da5d3a349fd778d0cc19e91302dbe6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ffa.exe

Filesize
214KB

MD5
8b0f61351f376e43ff76b23fbeb3c0d8

SHA1
8ffc43c27acd50b74bbc94b9ad1550b9d1fff7c3

SHA256
25d5a084c28b5eeced2b4512b36ea57ec42c6ccb51a9b3e205b743b622ebd9b4

SHA512
990eebb096ef644df9a508a04e42f23f35b3800fdaef85baffd07ff4609cc55a381a88e6c4995966e905d90dedd974bba6b2394d3d25a4a773a15df93b31c8b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\fl.exe

Filesize
628KB

MD5
404ea0c2221a2ad733aa82b1f314727c

SHA1
1ba71fc3a982482f30cbfd473a7463e325ab023b

SHA256
d32ff27f5a2c09c87f0b0f2880b2b5e59f4a3cf20d04508a9e12f7849817aefd

SHA512
e1288ebf0b978e393b96274ef252fe26501b9d632eefa91861894a4813bda99831053f21255be8c5481eea2d67ef8180092c8747fbc1593562ea88428d15701a

Download Submit
C:\Users\Admin\AppData\Local\Temp\flas.exe

Filesize
835KB

MD5
8ed006e4f7685c3d043a00cbecc1c7e6

SHA1
d73ff1fde6ec49fa4cb8c999623f2ea35be15356

SHA256
b3ba971a805e72a8ec709e401a1cac6b0dfcdbf243e48a65f7405115df8f3f67

SHA512
a96b17b3ccf5defa853844e7029e1458426657d9700b541717549d3d895f07059ab904a977630904c53037c9bb75242f6326a2728a843ae5755001637d36adc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\flasd.exe

Filesize
939KB

MD5
b60db9e2998547a3ac33e1f2cfd4c736

SHA1
e59efba83e1d7c26a2f3a4096497a5e4cb15d9f9

SHA256
ad8db985df8bd0437ddd74b7ab44f4b3848fbc9cb6006c1102c451ee8d47fdf8

SHA512
297c5d057eb2d69b6b46beaa9cc5d67cd32bf3e44a9b0da3c447ee7d3ef737a3b5bbab58a4a4d297ff05037931e3b4a800b3359e419a964c813af442108e7362

Download Submit
C:\Users\Admin\AppData\Local\Temp\flash.exe

Filesize
111KB

MD5
9cf79fb222ae00aff5c5aa780efde60b

SHA1
7a14f5712e8ad530bba649c939b1c0fa958499cd

SHA256
f320a04871fab15909562f4e3506bbcaf527d713ceb252e230d1543bbbec684a

SHA512
ffd9d4acc0c08628fd9168a9089af431f1634758d31084c6dd72967a2962c49b82d8965fd718dfc4d9aeea739327ab9c1815ebf2bdad920ec6a69d314d27971d

Download Submit
\Users\Admin\AppData\Local\Temp\fla.exe

Filesize
732KB

MD5
fe540ae0c300b182a746cbdbe0888b35

SHA1
a9aea713b29b5870aa2e0fbe91d39d0fd7c6f6e7

SHA256
b6e4b3d7ece2b65ee9ed655a4fe65e66def6503a71d4f30eae24c84a6d3914a0

SHA512
d139cb8826e7256bf2da180c216b418f98d5da21ef22675bd9602a5e7956cee32e61a20d13af4e5f51ff7295fab5c136567636031a7922e68f06887336225aec

Download Submit
\Users\Admin\AppData\Local\Temp\flas.exe

Filesize
1.1MB

MD5
b319d1e15e759fab681f75456f799a87

SHA1
0973770774377cd4f3ac614bf4be03f069621d04

SHA256
ded9cc440c02567e2e2d49ff361e6240b67a4203dc43c52077f0ac4d29d53e15

SHA512
fe267a83a03d14fa2f86532fe9c084e12b00a60e869fefb5577bef89eea525f5a9a755ad06a10581aa506ba747df59b3908cbea91cc1c1709fa088ae0d41bc7a

Download Submit
\Users\Admin\AppData\Local\Temp\flasdf.exe

Filesize
1.0MB

MD5
0733fac8f404055e1c37da4e519f5eb8

SHA1
f38b72aab45342b6d35bfae73aea5a2f9cf81886

SHA256
abec981eda9d3bf450038b86065810d1b6d4faa3b08a5425b974b2c9642bcc75

SHA512
13298a1d0d7cc6a954ac64fce7651469acf6dd5389e18df32cab2b6843412704cf7b653e2727f1dc1a1d1371677da55a2ab475f52807439b4bc259839975ece0

Download Submit
\Users\Admin\AppData\Local\Temp\x.exe

Filesize
1.2MB

MD5
7aa56ad0a0a5479fc21087a201ef9267

SHA1
2f0caf65ee9d18ae5e17ea8cc1a20dd0a7d81742

SHA256
9d195527bdf0a62bbb8bef1c536741b70a2b9dabdd0ecca0ba2a31ffc4aa392a

SHA512
daf6dc5ba95d56945acd3ba9ae777898b318313837bfdbed44115c2ce82b1b10459751b01d2bafe8175e1d2ff426dad1dfcf8a4818dd9e138123d1f938e20f49

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads