538ab05e64f9d5172004cbe8ede69807408fd971e6a07f7fbde1109c62fded64

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 20:47

Target

fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe
Size

24KB
MD5

fb22bfc95d2340a8acacf5dfbf269185
SHA1

ca81cb7520a5fe9cde55daf04a6ed8390474acff
SHA256

538ab05e64f9d5172004cbe8ede69807408fd971e6a07f7fbde1109c62fded64
SHA512

dff0de20b767cb78dacfccfba43885479268f505d726e2c1c6b9380ad6e1a8190dc73dbc8bbccae4b861162d812926c9abcb6a7b2992074242e438b8078dcc8b
SSDEEP

768:0sGlKBVcFxk3E3lBtkLLjWLS0Kbw0IYZKY0KYf:S2ik3E1z+jMSH8glGf

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3044	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1776	fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 3044	1776	fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe	28
PID 1776 wrote to memory of 3044	1776	fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe	28
PID 1776 wrote to memory of 3044	1776	fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe	28
PID 1776 wrote to memory of 3044	1776	fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb22bfc95d2340a8acacf5dfbf269185_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\259395982.bat" "
  2⤵
  - Deletes itself
  PID:3044

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\259395982.bat

Filesize
261B

MD5
579c21fc8d3cd899f21cc4f05b38172b

SHA1
f7ec5aac4e2a0fed52f5811c81094f79f4f87731

SHA256
a79367c628027cf71ce0344271ae8870656dd483036a5b386f27567189052bb2

SHA512
46adb1a1a6f234472fc3871daf8b79573517ba355f1e12bbf55dd7e69a825f6cd085db8ecd9f65378f661d176ed379db9f6df8f40a52cadd990b6f1b569162fd

Download Submit
memory/1776-9-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download