Resubmissions
20-04-2024 16:00  240420-tfp3gacc29  10

Analysis
Max time kernel: 118s
Max time network: 123s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 20-04-2024 16:00
Static task: static1

Behavioral task: behavioral1
Sample: fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
Size: 1.0MB
MD5: fd207a395742b0ff3aafc447f1f362b5
SHA1: fa87a70741d18f6ec194a380eba3d14f2147e40e
SHA256: 3ff078acafa70ffbfcbc5331d14298b0e43a59b80769993de69aece376ac10e8
SHA512: d068df81bd697baa4953d58442097558f92b1faca790ae27d943b7fcfb4c8682e619288c53ed11218a2f994ffed479484ead216a7c5eefe534baee4dcceca767
SSDEEP: 24576:y4lavt0LkLL9IMixoEFNYQV527Yd6FEgk:lkwkn9IMSNYQV07UMEg
Malware Config

Signatures

Processes (resource / yara_rule):
  behavioral1/memory/2632-9-0x0000000000400000-0x0000000000481000-memory.dmp  upx

AutoIT Executable (1 IoCs)
AutoIT scripts compiled to PE executables.
Processes (resource / yara_rule):
  behavioral1/memory/1336-0-0x0000000000400000-0x000000000050D000-memory.dmp  autoit_exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: MapViewOfSection (1 IoCs)
Processes (pid / process):
  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes (description / pid / process / target process):
  PID 1336 wrote to memory of 2632  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
  PID 1336 wrote to memory of 2632  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
  PID 1336 wrote to memory of 2632  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
  PID 1336 wrote to memory of 2632  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
  PID 1336 wrote to memory of 2632  1336  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe  fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
Processes

(1) C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe"
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory

    (2) C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\fd207a395742b0ff3aafc447f1f362b5_JaffaCakes118.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Temp\rdanvhvbcdfa
Filesize: 226KB
MD5: 78195b3f07db2beb1f4c96049db81ee0
SHA1: 531ad3ec157125b0f017f62e44d64b27b218be00
SHA256: bbe71852290a579a002af2191e2fd7e02798b28b1abf194184f68fe1fcc5cb47
SHA512: fd32aaf4c30047391fa7813bb4ea12371c7bfcca524c5f9b59c8560201cbe625cba1d1554a396a06eedec3929ed008d51bc42e52f8a29e72609cdf288dc4be32

memory/1336-0-0x0000000000400000-0x000000000050D000-memory.dmp
Filesize: 1.1MB

memory/1336-7-0x00000000003C0000-0x00000000003C1000-memory.dmp
Filesize: 4KB

memory/1336-8-0x00000000003E0000-0x00000000003E2000-memory.dmp
Filesize: 8KB

memory/2632-9-0x0000000000400000-0x0000000000481000-memory.dmp
Filesize: 516KB