3ff078acafa70ffbfcbc5331d14298b0e43a59b80769993de69aece376ac10e8

Resubmissions

20-04-2024 16:00

240420-tfp3gacc29 10

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
Size

1.0MB
MD5

fd207a395742b0ff3aafc447f1f362b5
SHA1

fa87a70741d18f6ec194a380eba3d14f2147e40e
SHA256

3ff078acafa70ffbfcbc5331d14298b0e43a59b80769993de69aece376ac10e8
SHA512

d068df81bd697baa4953d58442097558f92b1faca790ae27d943b7fcfb4c8682e619288c53ed11218a2f994ffed479484ead216a7c5eefe534baee4dcceca767
SSDEEP

24576:y4lavt0LkLL9IMixoEFNYQV527Yd6FEgk:lkwkn9IMSNYQV07UMEg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2632-9-0x0000000000400000-0x0000000000481000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/1336-0-0x0000000000400000-0x000000000050D000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

pid process

1336 fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

pid	process
1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

description	pid	process	target process
PID 1336 wrote to memory of 2632	1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
PID 1336 wrote to memory of 2632	1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
PID 1336 wrote to memory of 2632	1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
PID 1336 wrote to memory of 2632	1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
PID 1336 wrote to memory of 2632	1336	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe	fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1336

C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe"
2⤵
PID:2632

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rdanvhvbcdfa
Filesize
226KB

MD5
78195b3f07db2beb1f4c96049db81ee0

SHA1
531ad3ec157125b0f017f62e44d64b27b218be00

SHA256
bbe71852290a579a002af2191e2fd7e02798b28b1abf194184f68fe1fcc5cb47

SHA512
fd32aaf4c30047391fa7813bb4ea12371c7bfcca524c5f9b59c8560201cbe625cba1d1554a396a06eedec3929ed008d51bc42e52f8a29e72609cdf288dc4be32

Download Submit
memory/1336-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1336-7-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1336-8-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/2632-9-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads