8c09eadc8afe81df08f4d248f068da94ae6c32f475ae8411e7b6cfcf85dd905b

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 18:55

Target

6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
Size

70KB
MD5

6463933e171ba91ed8cb00f647d8b175
SHA1

4f4064e6398e32ac072bda6203d097abd958456e
SHA256

8c09eadc8afe81df08f4d248f068da94ae6c32f475ae8411e7b6cfcf85dd905b
SHA512

d1c7ed9b3adcafc96398cda239af57a6f0659a02f35fb0bf741c98dbee0ed38874d79191d2af4146d847e030ecbb114174be01b5bb612f43875ca9987b8fd146
SSDEEP

1536:o6gMk4gBID9M3do2NTXCLbhizzbgxEmbGPbed2Z3xF1+3O2/3Gk:oPMgBceluizoCmbGjA4J2

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
File created	C:\Windows\HELP\F3C74E3FA248.dll	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2128	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	30
PID 1700 wrote to memory of 2128	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	30
PID 1700 wrote to memory of 2128	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	30
PID 1700 wrote to memory of 2128	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	30
PID 1700 wrote to memory of 2412	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	33
PID 1700 wrote to memory of 2412	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	33
PID 1700 wrote to memory of 2412	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	33
PID 1700 wrote to memory of 2412	1700	6463933e171ba91ed8cb00f647d8b175_JaffaCakes118.exe	33

C:\Users\Admin\AppData\Local\Temp\2.BAT

Filesize
64B

MD5
34b746fa1c2ae741c761a54e77a2e96b

SHA1
f6d0a556884368a368ffe66615adca050080ad60

SHA256
d39d3be074eaabf568c9e425c58b43a5bd1d130ec8e5f450c170bf398444dcf2

SHA512
94d589999d003dabfd794c97ebe415ac7c6f31761ce1ae4637601395819e07d5f1583f7235d8f21ec9e05dad74a729711d9bde79b8a66174673591819039da6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.BAT

Filesize
63B

MD5
4b7448d3e37bfd461b5718a4350c8c29

SHA1
f93e70ff00102528092589e7556f52e2169ccf83

SHA256
9848c9217157365d6f7cff7d7b3281b048f175640e3ea176f93adf6268589642

SHA512
b95b110a8a150132f83ddda8e907a57dfebfc43a9ab7b2896a2fa65260982bbc12f2a645394b05acce06cce04396d5e89561deee040f4022206c6c143ea68402

Download Submit
\Windows\Help\F3C74E3FA248.dll

Filesize
140KB

MD5
4d60d8557f77898e6cf2a42850aed573

SHA1
098db1a06eb20c8de56d834f7f2be1f9559bb317

SHA256
9b09bf91c4a246863fc7b5ab6457bc845ec961c4f3881b6246c76aefa97c129e

SHA512
41fb6f79fd2e35dd80f59eebd9443e0a01e5c13fb9ed5f12a46f816f2673e586f44b62fecad47ff3a199dcb7ec32271afd9341162160642ef6cbf45214517428

Download Submit
memory/1700-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1700-20-0x0000000000220000-0x0000000000248000-memory.dmp

Filesize
160KB

Download
memory/1700-22-0x0000000000220000-0x0000000000248000-memory.dmp

Filesize
160KB

Download
memory/1700-23-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download