64940ebd8a544caa403b7b07892816255c28134eeb7eba9f3f95e72be3c49fbc

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe
Size

94KB
MD5

fbfe83671d8df87e93957d2e3b91a118
SHA1

e1e8b68a341f88be30d14eff715bd8df2c9be591
SHA256

64940ebd8a544caa403b7b07892816255c28134eeb7eba9f3f95e72be3c49fbc
SHA512

d85d1c16b4f3c02874fbd2a4c1740a4cdbf64b7cbf6e577d6ee1bae261ac7a28c6d0a73b9ff9eed9c5d4c5b234daea5932035aee8b6aed39b93af36eff33eb4c
SSDEEP

1536:Hfg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:HfgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2040	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2040	1412	fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe	28
PID 1412 wrote to memory of 2040	1412	fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe	28
PID 1412 wrote to memory of 2040	1412	fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe	28
PID 1412 wrote to memory of 2040	1412	fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbfe83671d8df87e93957d2e3b91a118_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Tvj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tvj..bat

Filesize
238B

MD5
9b2e36f4c60c7be87a0be101e63d47ac

SHA1
2e60c2e0b79ee823502a0d680a9e9d511b541050

SHA256
a37acb42132650b59e361a761e1697227c37f4660cb1bbfc0862e0f5d3ea030b

SHA512
9a4e1841132d58fb98da674ec0219249feae0262ec46ca7509763b50ba717675b5fddd9ea10964982b88cc8cafd2ad0ae1bf4021c84189c3a612f3706c600753

Download Submit
memory/1412-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1412-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1412-6-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download