430cd902ab9e9180cbe235bae7f719d6e9c73d58a17ca19a891f9a90fcf51cdc

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe
Size

714KB
MD5

fb415a87bdf40445e6adddc842c9ed2b
SHA1

449e5edaf11f093a4784086c7630c6b21ff56726
SHA256

430cd902ab9e9180cbe235bae7f719d6e9c73d58a17ca19a891f9a90fcf51cdc
SHA512

c43f0bce753990dc60743b4ca4584f22c43e818b1ffa6b9a6fb6e00c3b133fedb3298a1b14bffb6164f13357634984fc81640eab7a98f00fd1a48002216bcbc9
SSDEEP

12288:0ujIrJyuVvgfhqYmNkjmC8f38uIAsiAewhHvcdb76K77qjqpz8NC:GroulcAi78fr1sLewhPMb7177qQ8NC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3344-0-0x0000000000400000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3344-6-0x0000000000400000-0x0000000000510000-memory.dmp	upx

Gathers system information 1 TTPs 5 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4680	systeminfo.exe
1128	systeminfo.exe
2372	systeminfo.exe
2028	systeminfo.exe
1860	systeminfo.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 740	3344	fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe	85
PID 3344 wrote to memory of 740	3344	fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe	85
PID 3344 wrote to memory of 740	3344	fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe	85
PID 740 wrote to memory of 4680	740	CMD.exe	88
PID 740 wrote to memory of 4680	740	CMD.exe	88
PID 740 wrote to memory of 4680	740	CMD.exe	88
PID 740 wrote to memory of 1128	740	CMD.exe	93
PID 740 wrote to memory of 1128	740	CMD.exe	93
PID 740 wrote to memory of 1128	740	CMD.exe	93
PID 740 wrote to memory of 2372	740	CMD.exe	94
PID 740 wrote to memory of 2372	740	CMD.exe	94
PID 740 wrote to memory of 2372	740	CMD.exe	94
PID 740 wrote to memory of 2028	740	CMD.exe	99
PID 740 wrote to memory of 2028	740	CMD.exe	99
PID 740 wrote to memory of 2028	740	CMD.exe	99
PID 740 wrote to memory of 1860	740	CMD.exe	100
PID 740 wrote to memory of 1860	740	CMD.exe	100
PID 740 wrote to memory of 1860	740	CMD.exe	100

C:\Users\Admin\AppData\Local\Temp\fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Windows\SysWOW64\CMD.exe
  CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "C:\Users\Admin\AppData\Local\Temp\fb415a87bdf40445e6adddc842c9ed2b_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:740
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:4680
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:1128
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2372
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2028
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3344-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/3344-1-0x0000000002370000-0x00000000023F2000-memory.dmp

Filesize
520KB

Download
memory/3344-2-0x0000000002130000-0x0000000002147000-memory.dmp

Filesize
92KB

Download
memory/3344-4-0x00000000028B0000-0x000000000299D000-memory.dmp

Filesize
948KB

Download
memory/3344-5-0x0000000002A90000-0x0000000002B7B000-memory.dmp

Filesize
940KB

Download
memory/3344-6-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/3344-7-0x0000000002130000-0x0000000002147000-memory.dmp

Filesize
92KB

Download