e8464fe7b0803d041f98457eb69a1c7c118e6f736c144f28c679ef58034a980e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 13:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe
Size

100KB
MD5

f11dfbb4cf9a1ecbd057db18949fe3ae
SHA1

18d1940c29dcf6f92c0de2327bd57b5a07fc48cf
SHA256

e8464fe7b0803d041f98457eb69a1c7c118e6f736c144f28c679ef58034a980e
SHA512

efded56656baefcb4309f4f74d65fb546b32a4e0bbcd7c07de1472e79f4ce7541c2552f01d4d3f12dbb59a7908baac7410915a1c3c3b3ee67ff230e1bca7b0e4
SSDEEP

1536:SzxcMPyYfQxJVgux399nGBKMDwgWsrsm94x1Vg98uPGUt8bfgwlSU6bCz2gCzuYU:SryAQxEux8tDisuyRPGUt8E4+ktY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3008	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 3008	2204	f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe	28
PID 2204 wrote to memory of 3008	2204	f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe	28
PID 2204 wrote to memory of 3008	2204	f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe	28
PID 2204 wrote to memory of 3008	2204	f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f11dfbb4cf9a1ecbd057db18949fe3ae_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Gkb..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Gkb..bat

Filesize
238B

MD5
2bef60d2cbc02fe61292a5b5a3eb6d5d

SHA1
6e2d40ddee9fcd4f21143bf3d9165378685e7b28

SHA256
947179d3266d90dc0f5d288f58b136279671f6aff1f509d6ffdd9cfc2ed65c23

SHA512
4912d13edc7191db0944328c7a3e84b07dd94eab795b39a65a3238ae5267edf11f149ccac9367f5ffdb3c6c08b2b5938668680d4d50b57f1e1d8b9cd394ee564

Download Submit
memory/2204-1-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2204-0-0x0000000000220000-0x0000000000231000-memory.dmp

Filesize
68KB

Download
memory/2204-3-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download