Analysis
-
max time kernel
147s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22/07/2024, 15:58
General
-
Target
63d47c2d46ec9d5a8a1be1968acfcb5e_JaffaCakes118.exe
-
Size
168KB
-
MD5
63d47c2d46ec9d5a8a1be1968acfcb5e
-
SHA1
b63e42cefa55b2544965390e10e7961a769c2cba
-
SHA256
2b553ebd0f4b37b6c715241dbabeee76112cfea8216ebb8e9705c6d2d46e6aad
-
SHA512
e9bd832fdfdecaefd6819f9f9de494cf2a78be3784135189d09a21a9a1c2d7e4b58850531cab7980388e11f98cd4873b1b6a41e9cd53fe381a11da6fbc08ebe9
-
SSDEEP
3072:2LuC9XN6Q22l61bgI3fZD5uA9vfB0q1wdNp9Txfs5Bw0/Cq:i9d6Qdl8ffv4fp9T0BzN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63d47c2d46ec9d5a8a1be1968acfcb5e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\63d47c2d46ec9d5a8a1be1968acfcb5e_JaffaCakes118.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe4⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe5⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe6⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe7⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe8⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe9⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe10⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe11⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe12⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe13⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe14⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe15⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe16⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe17⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe18⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe19⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe20⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe21⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe22⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe23⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe24⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe25⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe26⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe27⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe28⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe29⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe30⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe31⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe32⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe33⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe34⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe35⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe36⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe37⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe38⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe39⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe40⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe41⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe42⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe43⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe44⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe45⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe46⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe47⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe48⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe50⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe51⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe52⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe53⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe54⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe55⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe56⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe57⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe58⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe59⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe60⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe61⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe62⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe63⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe64⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe66⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe67⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe68⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe69⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe70⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe71⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe72⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe73⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe74⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe75⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe76⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe77⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe78⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe79⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe80⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe81⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe82⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe83⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe84⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe85⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe86⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe87⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe88⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe89⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe90⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe91⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe92⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe93⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe94⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe95⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe96⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe97⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe98⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe99⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe100⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe101⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe102⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe103⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe104⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe105⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe106⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe108⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe109⤵
- Enumerates connected drives
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe110⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe112⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe113⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe114⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe115⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe116⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe117⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe118⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe119⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe120⤵
-
C:\Windows\SysWOW64\wuauolts.exeC:\Windows\system32\wuauolts.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-