bd1cd66742d6a64fe01698ade6837f6a4ea8cbe73c7c8ffd2f8c512a0a490d28

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe
Size

164KB
MD5

19b20cdad4a0845f4159cd7e7cc07171
SHA1

96b5955de3c049289ad098315764cd85681191c1
SHA256

bd1cd66742d6a64fe01698ade6837f6a4ea8cbe73c7c8ffd2f8c512a0a490d28
SHA512

9ca03fb39f6c38a8446bb59b5b75fa30b25089bba4997cdfb20ec40f545d358c92e42259574b25fa59680aa572a4ac645684041dd4ba766a0ede0c4c0bdd589a
SSDEEP

3072:Xuug/5q6gVLypcUYNNUMT+f02kqXlgOlxuBQb3TS/1:XuTgVLycU0U1kxixuB+DG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

pid process

2220 19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

pid	process
2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

Loads dropped DLL 12 IoCs

Processes:

19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exeWerFault.exe

pid	process
2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe
2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe
2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2824 2220 WerFault.exe 19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

pid	pid_target	process	target process
2824	2220	WerFault.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe

description	pid	process	target process
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2408 wrote to memory of 2220	2408	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe
PID 2220 wrote to memory of 2824	2220	19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
C:\Users\Admin\AppData\Local\Temp\19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 252
3⤵
- Loads dropped DLL
- Program crash
PID:2824

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\19b20cdad4a0845f4159cd7e7cc07171_JaffaCakes118mgr.exe
Filesize
92KB

MD5
5adaae6bfabaddea50ed5c0b957ad92e

SHA1
6053981e2aa05ac58fbb6dbb44f9883aff8d72d4

SHA256
6762ce79f5b4746fad78ffdc7ab627fe08ef6cb6028c3ffe2c71245ba27b322f

SHA512
6561dd9676f180f084eb0a00411a68cc00eef7847d74eff6e13549f788830b79a678cd5089268527393052bab511482cb9122daa035b2f96777b4e9075818441

Download Submit
memory/2220-18-0x0000000000400000-0x0000000000428E39-memory.dmp

Filesize
163KB

Download
memory/2220-17-0x0000000000130000-0x0000000000159000-memory.dmp

Filesize
164KB

Download
memory/2408-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2408-1-0x00000000002F0000-0x0000000000319000-memory.dmp

Filesize
164KB

Download
memory/2408-2-0x00000000002F0000-0x0000000000319000-memory.dmp

Filesize
164KB

Download
memory/2408-6-0x00000000002F0000-0x0000000000319000-memory.dmp

Filesize
164KB

Download
memory/2408-12-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download