bfe705698cfe99028503043383ca780d4cdc598986f58bedd041de72a8c5e89c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 04:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
Size

8.0MB
MD5

fb7b3203a94bde632998560bd61271f4
SHA1

82f55cf2a3fd86ca21d8a4ad8698e64f12b91de7
SHA256

bfe705698cfe99028503043383ca780d4cdc598986f58bedd041de72a8c5e89c
SHA512

a35060c0bbb6f2d5e79af2bc4282fbb56d6c1d4a8dea20222a640631ab5ef585b1c8ccf0c780508817549fa9c48054c7e0b7d73235442e683b5428a88d3ef882
SSDEEP

196608:/D+gp1Df8U9onJ5hrZER9xQ3jo4UUr2Rt7+YXbvyhnqG:9pNr9c5hlER9xA2U+tSMvy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
2884	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2884	2168	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe	31
PID 2168 wrote to memory of 2884	2168	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe	31
PID 2168 wrote to memory of 2884	2168	fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\fb7b3203a94bde632998560bd61271f4_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21682\api-ms-win-core-file-l1-2-0.dll

Filesize
8KB

MD5
6803628b71ff81ed3a6ba1e5036ce93a

SHA1
c042b0cabf9c95f1f6dc8fd7094ddf2a113a90c0

SHA256
8dc40cad7c57c998863d8112067c29cd41dcaa7ba58b13646a28e6fd3f787bc7

SHA512
4503a4c8b474f2f5458304238ba02d8f3da429137bf823ec952c24df32596dfd8f65931299808cea9f5ee1399452dd41952fe4143789ab3097bfdeca1fb75aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21682\api-ms-win-core-localization-l1-2-0.dll

Filesize
11KB

MD5
d00a8c302b88c6f1d156bdae8756dc73

SHA1
b62df862999abd897b70ecce19e9e122552bfd4a

SHA256
63887362bf0ab880112f75b897db9525e73ddbd101fa0d79063e012264aa5518

SHA512
1e03fd4b90a7682581d83c59aca6790280677fb7953acf0b627dbecc03ee4ce01ce666519eb8718eb0ebb963d9ab61464c0a450dee401fed2c36c24ff6ea2cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21682\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
9KB

MD5
0ca31d9ef5b69f0068ad6455faa2dfa7

SHA1
b1b9065f57aaf79a0aafc22106a573c555fc4b6d

SHA256
7814e719d493c31960dde586924d9db7e428cf53a789f357e8341ba8e536691a

SHA512
866155eb136b2eec3f9d51b88d00c91a2d5580bd44bb04166fdd52560cc4ea4f20ae4cdb1dd0d28227dadbda181de56dc842d02bb4002d927d39b2f5f1c56328

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21682\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21682\ucrtbase.dll

Filesize
983KB

MD5
16f76e4b80c72f545f5a14eb03569cb8

SHA1
cd725370ab7526e98d8ddc1297a21bc0fa3d105a

SHA256
29b514aaad1d6dc2e2a7363f3e1c091104840d5028eb5108f7fdff785721e305

SHA512
b49960072e42f28ee8493388f3d2320535a6bc49d6f4abc61c869c888cd6fe166818c579713b12eb62bd955c44688b0bd9c49f443122b79721927834c33cc995

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21682\api-ms-win-core-file-l2-1-0.dll

Filesize
8KB

MD5
3e35ce8389e3e54cefcbc19d238097a1

SHA1
8d902c91bc03c517bc4ef0397dd27e7ff3e1ca62

SHA256
abcf8a288858e602078e51e6e837b78c360637976debee6dba1425220f642acb

SHA512
ddf1757c750465975f746ab4f35bacf7254432cb866fdfbf7cff3ff16d47462e9bfd5f3b3c4587a1dfcc24e1bdffc55ba05e9ab8be4483de125dd278119486ef

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21682\api-ms-win-core-timezone-l1-1-0.dll

Filesize
9KB

MD5
042bf967e64e2245b57759c6d9d817d1

SHA1
aed3018f94a0e6bfabbdd944956b13c4d96d0884

SHA256
6c48995abc03fe6acf50287f2edffd62ebcf3239c9fe71656267b650b0dda1fc

SHA512
da4aebe4685f304faf8705594b1f63c82b32aa0c5f1bce3a3bcddeec0fd0a317286a3a97e67f05ce43464627d51e10b390e1f8146298e2a0feca73211e5c8c1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads