c5cd032f4ccc63d93b7b3eaa7810b7a86a21d3045fe96ad7d16134970fb25a87

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe
Size

2.8MB
MD5

672dc12a7e174c9d43c37da653ab2a73
SHA1

ee8e3be6d277e08414a4cfa1142578cdb46a5d66
SHA256

c5cd032f4ccc63d93b7b3eaa7810b7a86a21d3045fe96ad7d16134970fb25a87
SHA512

c6dfe29db13beccb5795369fbd7495db438cb8d33d1d35c884363e80504473ac2dc4f152ed55ac7a4bde2c5c804289b2594a2270e5298ceb44c44717a27c8469
SSDEEP

49152:Fi7aJUT6ABButyHO5E9NcP+vUObFDg2MtH/e0O7OOn:o7oUTNXN9yP+FFg/ZeJ7OO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3300	360O0K.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\360O0K.exe	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\360O0K.exe	360O0K.exe
File created	C:\Windows\SysWOW64\Deleteme.bat	360O0K.exe
File created	C:\Windows\SysWOW64\Deleteme.bat	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\360O0K.exe	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3548	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe
3300	360O0K.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 3900	3300	360O0K.exe	92
PID 3300 wrote to memory of 3900	3300	360O0K.exe	92
PID 3300 wrote to memory of 3900	3300	360O0K.exe	92
PID 3548 wrote to memory of 2708	3548	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe	94
PID 3548 wrote to memory of 2708	3548	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe	94
PID 3548 wrote to memory of 2708	3548	672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe	94

C:\Users\Admin\AppData\Local\Temp\672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\672dc12a7e174c9d43c37da653ab2a73_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
  2⤵
  PID:2708

C:\Windows\SysWOW64\360O0K.exe
C:\Windows\SysWOW64\360O0K.exe -NetSata
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
  2⤵
  PID:3900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\360O0K.exe

Filesize
2.8MB

MD5
672dc12a7e174c9d43c37da653ab2a73

SHA1
ee8e3be6d277e08414a4cfa1142578cdb46a5d66

SHA256
c5cd032f4ccc63d93b7b3eaa7810b7a86a21d3045fe96ad7d16134970fb25a87

SHA512
c6dfe29db13beccb5795369fbd7495db438cb8d33d1d35c884363e80504473ac2dc4f152ed55ac7a4bde2c5c804289b2594a2270e5298ceb44c44717a27c8469

Download Submit
C:\Windows\SysWOW64\Deleteme.bat

Filesize
104B

MD5
839c9dbcd895d19dacd52121a0c23878

SHA1
5d231de1773db42fa1216dbb90361ec61bd4738e

SHA256
c6be12ac39b9d0cf770b0f490db4fcb019afb196a51a50821efced21c08e8578

SHA512
270f4a2bf75a4e5f8c182afd9f79a57b5f8e7c8c17ae39148bbe4a2ce4b55978abd12d4eee5d9c525da7d43ad395fc017e93d0018b8c199c18c9f0d4638286b3

Download Submit
C:\Windows\SysWOW64\Deleteme.bat

Filesize
212B

MD5
9b681367f7172409f72a18f67a0f2a95

SHA1
fa9900b596651bdd70d29917a1f3d581f2038654

SHA256
24d72f4e538732037791fed185ad208ee5220c42a8687d8bfcb990fb16fcaa3b

SHA512
1911bd8907c8d158caa67059c527017f8572161d8b63740ceb02b6e6093092c3f2186483d687b2977c1acdc89ac98d325186061ea533064c696669b8610d9a1d

Download Submit
memory/3300-14-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-15-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-18-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-11-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-13-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-10-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3300-12-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-3-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-7-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-0-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-4-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-5-0x0000000000401000-0x0000000000467000-memory.dmp

Filesize
408KB

Download
memory/3548-1-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-22-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download
memory/3548-2-0x0000000000400000-0x0000000000706000-memory.dmp

Filesize
3.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads