Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
15-10-2024 04:11
General
-
Target
45c76c1717fe39f6eada9ad5e08eca8b_JaffaCakes118.exe
-
Size
74KB
-
MD5
45c76c1717fe39f6eada9ad5e08eca8b
-
SHA1
dc414caff1bb1b5d15b73e3c32d13a323322fd13
-
SHA256
062bed039cb8d49df104f180a07b13dc5274852d4e5e885159a92008edad7250
-
SHA512
9ca314168aae42205065bbfdc94e589ba0bbb4932c94fb7e4820a7d3f579b275466dd85c83f109614d5b10d6cff42b44f2d7edbd29fa7bf1f52ddfa564bd1834
-
SSDEEP
1536:8mmg2PcY3CfPsraJvnmnt2USxzF7wsSXokv1h/WalxZrT3hmz/ES:8mmTPsfPsraJ+n05xzuYU1Ialn5mzES
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45c76c1717fe39f6eada9ad5e08eca8b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\45c76c1717fe39f6eada9ad5e08eca8b_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe66⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe67⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe69⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe70⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe71⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe72⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe73⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe74⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe75⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe76⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe77⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe78⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe79⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe80⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe81⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe82⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe83⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe84⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe85⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe86⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe87⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe88⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe89⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe90⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe91⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe92⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe93⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe94⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe95⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe96⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe97⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe98⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe99⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe100⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe101⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe102⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe103⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe104⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe105⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe106⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe107⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe108⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe109⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe110⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe111⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe112⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe113⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe114⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe115⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe116⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe117⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe118⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe119⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe120⤵
-
C:\Windows\SysWOW64\msapi.exeC:\Windows\system32\msapi.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-