178b418bd55b9d1213fc908edf648d0edbf56ca55d7679e987d1cf58c278fa1a

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe
Size

180KB
MD5

62aa7d0274f6f46846c0bb90f2965607
SHA1

926c94579253a9c27ceff76d48d42b2f0d270bcd
SHA256

178b418bd55b9d1213fc908edf648d0edbf56ca55d7679e987d1cf58c278fa1a
SHA512

d6673820b99ee84652f00eeb996819d75c28c5200e7d7d383f4e83ffc1ef6f46faed567301dd04319888fa58f666dc6406c627ea1be0fd84e1be50948028af1f
SSDEEP

3072:og+jB7ZPcVemuaW1BOR5OE1EM2jASY1atZgn37zpnop2WtXvs3R/:orjBlP0emBGy92NgvpnoJtEh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1028	haZl0oh.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1028	haZl0oh.exe
1028	haZl0oh.exe
1028	haZl0oh.exe
1028	haZl0oh.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 1028	4256	62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe	84
PID 4256 wrote to memory of 1028	4256	62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe	84
PID 4256 wrote to memory of 1028	4256	62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe	84
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56
PID 1028 wrote to memory of 3572	1028	haZl0oh.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3572
- C:\Users\Admin\AppData\Local\Temp\62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa7d0274f6f46846c0bb90f2965607_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\haZl0oh.exe
    haZl0oh.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\haZl0oh.exe

Filesize
50KB

MD5
fcf78ff7b7caecd845092048e76e38ec

SHA1
579103c941851ace07a725c51bc0ec500cb44fed

SHA256
3aaf03824ce7307c34dc7c8f34324055564e55841be92a5fc5581b64d04e7cb1

SHA512
a7edf6d5c552681031b88bf7d53e59f0a7baee55e0bbd8be6fe02ba9be1e781461489821f8edee9de9b83ceaaede60169d15f2511e33be8a1e8eb16aa93c558f

Download Submit
memory/1028-38-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1028-30-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1028-29-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/3572-34-0x000000007FFC0000-0x000000007FFC7000-memory.dmp

Filesize
28KB

Download
memory/3572-32-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/4256-20-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4256-16-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4256-4-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4256-3-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/4256-2-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4256-25-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4256-24-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4256-23-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4256-22-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4256-21-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4256-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4256-14-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4256-19-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4256-18-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4256-17-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4256-5-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4256-15-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4256-13-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4256-12-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/4256-6-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/4256-7-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/4256-8-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/4256-9-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4256-10-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/4256-39-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4256-43-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4256-42-0x00000000021E0000-0x000000000221A000-memory.dmp

Filesize
232KB

Download
memory/4256-40-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4256-1-0x00000000021E0000-0x000000000221A000-memory.dmp

Filesize
232KB

Download