70ddb013e92765b03bf48692a515082a9c343ec86124ac631266517b40b7a69a

Analysis

max time kernel
71s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe
Size

905KB
MD5

f8b2caa2d6db38de32b9626a3b0f9dff
SHA1

0e60bcac8324de0199ead858dd5334a4accbf02d
SHA256

70ddb013e92765b03bf48692a515082a9c343ec86124ac631266517b40b7a69a
SHA512

488381acfb335930e94502a480d80671d65502fbeb95522664b0ef2406123f456c275051036680c96a060b9da946ba68e53375cd479ecf134f4d047566a9b21b
SSDEEP

12288:Cgfe07KFML7iLMucoUe7dG1lFlWcYT70pxnnaaoawnjKgRRA8rZNrI0AilFEvxHG:jtY4MROxnFbgHLrZlI0AilFEvxHina2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.execsc.exe

description	pid	process	target process
PID 584 wrote to memory of 2352	584	f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe	csc.exe
PID 584 wrote to memory of 2352	584	f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe	csc.exe
PID 584 wrote to memory of 2352	584	f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe	csc.exe
PID 2352 wrote to memory of 2912	2352	csc.exe	cvtres.exe
PID 2352 wrote to memory of 2912	2352	csc.exe	cvtres.exe
PID 2352 wrote to memory of 2912	2352	csc.exe	cvtres.exe

C:\Users\Admin\AppData\Local\Temp\f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2agojqxd.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES910A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9109.tmp"
    3⤵
    PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2agojqxd.dll

Filesize
76KB

MD5
f1d573d2106b33fbf93233e64544e83f

SHA1
1a6af692b9383e04c33c66f289b2c86921fda21e

SHA256
342f6f78c5cee03b9d9b3ff1376aa154e554ca4c68b04ea41ff65c63c5a3c8db

SHA512
4ff8337c6ed7bd3c7c40f54a4f7de0de534900ee47429a483fd39924d61463b53f6ee294e430b330c1e50f6f7e2c28eb5f2a06e69b9b38963192ba225b4e5d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES910A.tmp

Filesize
1KB

MD5
7cfbb1e7c54ebbafa94acd3971f48262

SHA1
12a56ea03057f8064e74ff12f82832685af8f6aa

SHA256
7977a7e87d90f173eff066f6bb1cd679c149a2fc0430c141c6f5c705f5314d88

SHA512
28802d2d7eed0e94328e0d4537fc9933d16459768c916abe126c4f2fc2496a6ade6f9acfed05b3ca2439843017f7fa54ed163d716af44da1f9b94cc666353c07

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\2agojqxd.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\2agojqxd.cmdline

Filesize
349B

MD5
26b2c9a16c9bc47b25de59f24a0f5f96

SHA1
eed93b117cb3a830ec8b4533cb6cda277e973f05

SHA256
8997ce71d092fdcea8c4f5753bfbfbb02fdf39b250119ba8806b1c2081d51043

SHA512
ebff29d6006efb31d08dd45b2afcda008a5dc3a833b743bc0eb9231c129b06fc7dab9af2b64bc7418ec3ae332ef440678c0e503ebb8e5d5f2e146a7a7ce7feae

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC9109.tmp

Filesize
676B

MD5
f3095cac6ed8c242430c89344fd163e0

SHA1
2b84b9a2856e01d34e12cd683ded5d080f81623a

SHA256
1c0bc78488a7d0573014ef13a74287fbb1a8d7ae6be8090c232dc7909ec1fbbe

SHA512
63e25d4ae4679d418956c78ae56fe62e7866e3ea0e1130dbeceda3d9fedf0d9f950fb54282fe3af84596ccfa7bc0c2c6175a61d3f5024c855d952e5300d0daff

Download Submit
memory/584-7-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download
memory/584-0-0x000007FEF5A1E000-0x000007FEF5A1F000-memory.dmp

Filesize
4KB

Download
memory/584-3-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download
memory/584-1-0x0000000000A40000-0x0000000000A9C000-memory.dmp

Filesize
368KB

Download
memory/584-2-0x0000000000290000-0x000000000029E000-memory.dmp

Filesize
56KB

Download
memory/584-19-0x0000000000F20000-0x0000000000F36000-memory.dmp

Filesize
88KB

Download
memory/584-21-0x0000000000340000-0x0000000000352000-memory.dmp

Filesize
72KB

Download
memory/584-22-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download
memory/584-23-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download
memory/584-24-0x000007FEF5A1E000-0x000007FEF5A1F000-memory.dmp

Filesize
4KB

Download
memory/2352-10-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download
memory/2352-17-0x000007FEF5760000-0x000007FEF60FD000-memory.dmp

Filesize
9.6MB

Download