652a36e3cde6ce29e0a173c3eaa61ef62c6e63f22b1c5e3352c3846f36d9114c

Analysis

max time kernel
123s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 11:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe
Size

48KB
MD5

6754e61c1422470f31d99797d8a9b254
SHA1

3c8c772435c34b5afaf3a9eca27e40d4b1389654
SHA256

652a36e3cde6ce29e0a173c3eaa61ef62c6e63f22b1c5e3352c3846f36d9114c
SHA512

dca3d5decb2d745c2b234f434e0008129455fd99e7fe0e349d710ce0cef12a7dfbb8b8426b45c123cd80578aeba3eeeefc801f63fce667c7aed348e7ce17c884
SSDEEP

1536:ZGGLXyYF0CCPCRBEnON03spdmYyXSqZ8s:ZGayYF0jGB0ON08pdmYyFt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3068	winupdcenter.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3068	winupdcenter.exe
3068	winupdcenter.exe
3068	winupdcenter.exe
3068	winupdcenter.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3068	2024	6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe	87
PID 2024 wrote to memory of 3068	2024	6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe	87
PID 2024 wrote to memory of 3068	2024	6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe	87
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56
PID 3068 wrote to memory of 3428	3068	winupdcenter.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3428
- C:\Users\Admin\AppData\Local\Temp\6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\6754e61c1422470f31d99797d8a9b254_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\winupdcenter.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\winupdcenter.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\winupdcenter.exe

Filesize
28KB

MD5
c7e1b59371c6582ca6a9b6fb370c152a

SHA1
ef8518b6096f0543e4fa2597a4afc2dc4b76f237

SHA256
8edd9c65b1171fe3d92e445c59d3cb840367dbd88fa399c5f903ad37be6cc034

SHA512
2568367a455a201f3cfc0b6909c7e613e026ba4d18939487b364d09a7ebd637b061cab92f431e3f9444502c00e2e4a68c4bd1f86803c1242cd71a524b97f0a30

Download Submit
memory/2024-4-0x000000001CAB0000-0x000000001CB4C000-memory.dmp

Filesize
624KB

Download
memory/2024-1-0x000000001BF60000-0x000000001C006000-memory.dmp

Filesize
664KB

Download
memory/2024-3-0x000000001C4E0000-0x000000001C9AE000-memory.dmp

Filesize
4.8MB

Download
memory/2024-0-0x00007FF9EC8B5000-0x00007FF9EC8B6000-memory.dmp

Filesize
4KB

Download
memory/2024-5-0x00007FF9EC600000-0x00007FF9ECFA1000-memory.dmp

Filesize
9.6MB

Download
memory/2024-6-0x0000000001830000-0x0000000001838000-memory.dmp

Filesize
32KB

Download
memory/2024-2-0x00007FF9EC600000-0x00007FF9ECFA1000-memory.dmp

Filesize
9.6MB

Download
memory/2024-25-0x00007FF9EC600000-0x00007FF9ECFA1000-memory.dmp

Filesize
9.6MB

Download
memory/2024-7-0x000000001CC10000-0x000000001CC5C000-memory.dmp

Filesize
304KB

Download
memory/3068-15-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3068-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3068-22-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3068-23-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3428-18-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download
memory/3428-16-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download