3fd9d2b7b35b3294cc23fb9ca2661b95e9e8154116ca340dfc0fe0dc96325b9b

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe
Size

297KB
MD5

670c56cbe76ca8fd56db9cbb9a8e7987
SHA1

c0e2c8cd63754c784663bc6b4b488f16061e2d4c
SHA256

3fd9d2b7b35b3294cc23fb9ca2661b95e9e8154116ca340dfc0fe0dc96325b9b
SHA512

b3aed36add1d007d0bb4ac7eab0b2636eedee91e414085fcc2ee0528279724e3591b625adda0137e3c947356c74cd09c2db7546f22d528b1307e968b7e69fa64
SSDEEP

6144:1zW/KFKexXI7tRrKwyjg2ruu6rFxpSDg9SCN63H3:ltx4BRrKwyjg+uxYUAy6X3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4136	setup.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 4136	2796	670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe	83
PID 2796 wrote to memory of 4136	2796	670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe	83
PID 2796 wrote to memory of 4136	2796	670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe	83
PID 2796 wrote to memory of 4136	2796	670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe	83
PID 2796 wrote to memory of 4136	2796	670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\670c56cbe76ca8fd56db9cbb9a8e7987_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
  2⤵
  - Executes dropped EXE
  PID:4136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\difBDA3.tmp

Filesize
758B

MD5
dbc37ec6b7c3b1dea4d1ef0eb11df1f3

SHA1
8d846c9e47efa0faff5f37172718f67afb1d35be

SHA256
38c35109c634f66d339317265b24e19ce7152ddc25fadf0b8de530638f096a7f

SHA512
cf29a77c152c9f2074be0d8bc493d01849d2c68938f18a2726aceb4cd61dac8edd88fb3dd35f9fded91c07d814d755cd33da7e20d692ab18b3ddd24229400ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\data.pck

Filesize
345KB

MD5
a9e61ee985ebf5db9351663ab8a1bfe4

SHA1
ac7cc946428329d1c6810de1c33d045329ee214e

SHA256
f9bbaa1aaa5108a676f2343934b3217882cf18a24b5673349df2e5a7e48bcdd8

SHA512
4645105769ed16eec35fb9b1f051c912280cdcf8ca8b42070bba396e76051371ee4f13f929030d66f17cfaeb6e3bd75f6e0f83dbf32aa3984d048d256bc42600

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\index.scr

Filesize
758B

MD5
3a6dafe006a41dbdc08ff3e0972c50cc

SHA1
c1fa5b49372a2be6bb0314238332009f9587fff3

SHA256
abe8c2580e6641a3e247322c619543eefc0236bb1ee1e96ad8cdf01933fdc074

SHA512
d6a90657e5a7bc0ab0dda17e7ae2bea3a148c6e41c6f003a67d1786e0abe52429a097d6ade5c496531f1c575bf8c3105481eaafe5368a81aace0fd4114a79af8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\puzzle.pzl

Filesize
29KB

MD5
d75a2fe89ede8a940b070a265bd018f5

SHA1
fae68df26c6406edddf9812fe305660d43b5d427

SHA256
318f30b7bbff4bf62366e0db6cb9a393c985d3f9436ceb3711230576fd7f315e

SHA512
161243b59de8731173fcc43599da88cce98b3f39990c1f71a7f790e0506cc63c0115009e7a2c4d3c8298d06c1bf392b72a8115efd6a241ff17312ac7151ccac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
304KB

MD5
61200441e7fae807bbc020d757466117

SHA1
4d575e2d302f10b2b0a5fa0eef1524c4e332d202

SHA256
ee8d5fec51d3e03d6ea1f90dad828bfcf0659bcab52cc61a356d86082ec8007d

SHA512
7551b47084efd743fe59ae0ebe044a7e8cd86f6c559e3e4c760bc0c97dc0945443a59e98eddc2b0c564bdd1c0720d168d8462e3b772f6019d9df93d091626c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\lang.ini

Filesize
10KB

MD5
cedfd1c79c51b026a3f87794150a5039

SHA1
d373440a1f2fd8581861d7b7090085c5484b6087

SHA256
ba5ef58a17d91c7f8f39d2da9e841a162c806269e6f2bb4b689a8e9b1d0a9a80

SHA512
f48718440741fbcd80cf5b764c20629f82a527e260cb31297d40cdce22e7c3ceaac69077dc54a87767a7eac2bc826fb8f9743273049d52b0891819a089808ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\skin.ini

Filesize
1KB

MD5
393a22419b84a1219194cd6542a23c93

SHA1
f480bbfb8009844782366a3dec2ad23266dc48bc

SHA256
c46fe077a9206c75b2a6068dd6929c09df9bc616adb3caf7f1443a90f0276468

SHA512
beadbda583bf63e31a247ddcea59d7033f6cfd385e6d6bf3fc3884855ddf4b04d05f1d739f36a19319263951605bdfc00a4cc11380d978ffe2b28d4c3d35bee4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads