83fc075e6f10aa06973e230e0ea27f6fe59713957bc4905bc7995ff371ecc9c3

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
Size

7.4MB
MD5

a9ed576a45d31c55b89b47692818ec36
SHA1

97401500d68729adf176593049668edf1ece06eb
SHA256

83fc075e6f10aa06973e230e0ea27f6fe59713957bc4905bc7995ff371ecc9c3
SHA512

956dc95ac182bafffb170a536f73a382cc2825c16c88b73021d44d8a2611e3dd2f03abfd6fd2b73b2cd96817573f910fd9e1af8927ec0fa48e4b201a8fcdb80c
SSDEEP

196608:tuCUGeI179onJ5hrZERTyiU8AdZYJERepWrTut7GsQqb4:fl9c5hlERLAdZYyEpWruG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
2576	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 2576	1596	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe	31
PID 1596 wrote to memory of 2576	1596	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe	31
PID 1596 wrote to memory of 2576	1596	a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Users\Admin\AppData\Local\Temp\a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a9ed576a45d31c55b89b47692818ec36_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
d1b3cc23127884d9eff1940f5b98e7aa

SHA1
d1b108e9fce8fba1c648afaad458050165502878

SHA256
51a73fbfa2afe5e45962031618ec347aaa0857b11f3cf273f4c218354bfe70cb

SHA512
ee5e0d546190e8ba9884ab887d11bb18fc71d3878983b544cd9ab80b6dd18ad65e66fe49fe0f4b92cbc51992fb1c39de091cf789159625341a03f4911b968fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\okay.exe.manifest

Filesize
1KB

MD5
a637f2ecb1e5102b39ebca4b5371d877

SHA1
88543c92fbb17bce12d36c0f8f03cc21b822e84a

SHA256
39d75ffa1634ad1ecdb0a4d2b28ef47ca5017b4ec6a37b5a90af2cade8ed293f

SHA512
497ddd284b2077889d5f48cbe8f7c631ab6385bd602a6186db28dff6355caf02da2327ea7ffa63014795dd1c7b4605430a700e373bc27696f57ec31668e0d4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python39.dll

Filesize
4.3MB

MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15962\ucrtbase.dll

Filesize
1002KB

MD5
298e85be72551d0cdd9ed650587cfdc6

SHA1
5a82bcc324fb28a5147b4e879b937fb8a56b760c

SHA256
eb89af5911a60d892a685181c397d32b72c61dc2ad77dd45b8cac0fbb7602b84

SHA512
3fafea5ff0d0b4e07f6354c37b367ada4da1b607186690c732364518a93c3fd2f5004014c9c3d23dde28db87d1cb9ae1259cda68b9ba757db59a59d387ac4e02

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15962\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
36165a5050672b7b0e04cb1f3d7b1b8f

SHA1
ef17c4622f41ef217a16078e8135acd4e2cf9443

SHA256
d7ab47157bff1b2347e7ae945517b4fc256425939ba7b6288ff85a51931568a7

SHA512
da360ff716bb66dd1adb5d86866b4b81b08a6fe86362fded05430f833a96934ccdada1b3081b55766a4a30c16d0d62aa1715b8839ea5c405a40d9911715dae68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads