Analysis

  • max time kernel: 133s
  • max time network: 151s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/04/2024, 05:04

General

  • Target: dbf4a2b38996ff3b5aded7751ccfc887_JaffaCakes118.exe
  • Size: 14KB
  • MD5: dbf4a2b38996ff3b5aded7751ccfc887
  • SHA1: 3f5a55079cccde72029dcb5fdd6650afe08dd1e8
  • SHA256: 5a542e621f1fa3e219cb70bacaf3e376dc592344b97bda3fe1e82a3a9c59e52e
  • SHA512: 40b3cd581b94eaf0c464f1134f18a323632333f8781e3a1d22382438e172bae2cf2a698a2853fbeadb3ce0ca26409e5342b32411f95c3190c1949fef7ac401ed
  • SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhDv:hDXWipuE+K3/SSHgx9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbf4a2b38996ff3b5aded7751ccfc887_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbf4a2b38996ff3b5aded7751ccfc887_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\DEM6078.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM6078.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Users\Admin\AppData\Local\Temp\DEMB664.exe
        "C:\Users\Admin\AppData\Local\Temp\DEMB664.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Users\Admin\AppData\Local\Temp\DEMBC4.exe
          "C:\Users\Admin\AppData\Local\Temp\DEMBC4.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Users\Admin\AppData\Local\Temp\DEM620D.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM620D.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1556
            • C:\Users\Admin\AppData\Local\Temp\DEMB76D.exe
              "C:\Users\Admin\AppData\Local\Temp\DEMB76D.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:592
              • C:\Users\Admin\AppData\Local\Temp\DEMD3A.exe
                "C:\Users\Admin\AppData\Local\Temp\DEMD3A.exe"
                7⤵
                • Executes dropped EXE
                PID:2044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEMB664.exe
    Filesize: 14KB
    MD5: f15755f3361b852147f8aefee826289c
    SHA1: cbe84a631d9fcdf8f73a7adf3ddd6a34d0763de3
    SHA256: eb2009cf2761e0259c9e573f972405c4a408a67be08b160a11b3a04a26cc0035
    SHA512: 050fcf88a426232bc1a9188d466134168efb54a6958d215df2d3109f75e1506dc23191d6b94c156b1686d6a74dc127c78e78b41bd628dff0276887f4fd4116a7

  • \Users\Admin\AppData\Local\Temp\DEM6078.exe
    Filesize: 14KB
    MD5: 701e645d3b7c77bc0d2b271ae69f0323
    SHA1: 28f372fc0547093662f4ceefe516d3d2d089c496
    SHA256: 8e1d82bdbba763d31b6236301632773d4abdf01ab20dcc5b6af801e8191d2085
    SHA512: e80ea4e1354f6c3516cdf853573112f0c9c6af4b785cba360c4e913fcecca849fb781be888e231e5f161db5623a9598967f74e80d5df05a06c5dde7bc559c72f

  • \Users\Admin\AppData\Local\Temp\DEM620D.exe
    Filesize: 14KB
    MD5: 398f17a5011111c0b244e0b94546fad6
    SHA1: 1d457a8b0dfce4796a230c4e43cec7825aa487c4
    SHA256: 93b2d304c3af9b9bcc362bd2eef606c808329db15f663b2374f81869cf440801
    SHA512: 92e266e25a38b391b807bf3f840e7f0b49153d172d92983206453ec21ed90212685cfe319135b5b5cf81febc162d3ad77c53aa3b3bdb85915e17af757c3fcdf9

  • \Users\Admin\AppData\Local\Temp\DEMB76D.exe
    Filesize: 14KB
    MD5: 21aa4e1907383264ff1121a924b8246b
    SHA1: d05fe4c46e8299dadfb528cdf6bcae8a42fb41fb
    SHA256: 00f7e24338ca85459bd45e9cbce7869d2e7974c1400e38576336d738ce11159c
    SHA512: a2e34361baf66b630ea495078e69db6d7ceb59db437de946c67f3b506978f9291bf62b01a8a7048c8cc1e2cc2b94005038f0f738a0e3db9387602ad7fd90720b

  • \Users\Admin\AppData\Local\Temp\DEMBC4.exe
    Filesize: 14KB
    MD5: d78436c9f66d1b5289e12754e9bb7d16
    SHA1: c8652a7c7cc05d815c9eaa0d90ea1a0702766143
    SHA256: ae97eae5c4d3233a52c15fbb18ec4c52d0d182bf80e75f8f13da476fcaae1e2b
    SHA512: 0d7537083a4a67c240cd1d58d66801002c02fe160575a34c81a3346ab3601257ba9290d9d2407a5819c10aa6f5607fe0ee50672fd3a8b7473a3d7d3e4622264b

  • \Users\Admin\AppData\Local\Temp\DEMD3A.exe
    Filesize: 14KB
    MD5: 4993bcc5f65b81b8aa6897f79100fe05
    SHA1: 2d4447fc0af02197a962e229d0420432c79dc2b1
    SHA256: d52646ee78c69054da962f6d5db7075e9ba14d88ceb1bd42f55b2b76b5a6645e
    SHA512: daabd58bf5eea1ed70feb6d40ce5c54cf87839ca3b98c83180c3ade4695f16d74c34bc0774aff057af7e2613dd730b955cac8e6236eecebd132dc82b0b450dac