143393d2c44ea6fd38f7c96dd6138494eada4e2fa206c30764ebe804c72ae170

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe
Size

452KB
MD5

fe2ed76a199e3e7213ca266b3c05d9f0
SHA1

f2eff616ad2865ed0be4aaf46d9832d1a50189cf
SHA256

143393d2c44ea6fd38f7c96dd6138494eada4e2fa206c30764ebe804c72ae170
SHA512

593c314da82e8f2ce8be20c6e417461876ffd6d21e2fe6349cafaeb1b5504ff015c22758acb0f1c455093b06b539712ce5ef5546db67c57c94a0c955ed3a93d7
SSDEEP

6144:ja+TodlGtN2juQvvkksGJ/WdXjkN+d1fwLnmNkJVUA33E0D5wj7WZ/NXeIa4VNtK:jkdGQvvcOkXjODnPUA3hwWB7ODTg05

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.lnk	fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2200	fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe"
1⤵
- Drops startup file
- Loads dropped DLL
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{4697d4c1-ece1-eb07-4697-7d4c1ece5307}\fe2ed76a199e3e7213ca266b3c05d9f0_JaffaCakes118.exe

Filesize
452KB

MD5
fe2ed76a199e3e7213ca266b3c05d9f0

SHA1
f2eff616ad2865ed0be4aaf46d9832d1a50189cf

SHA256
143393d2c44ea6fd38f7c96dd6138494eada4e2fa206c30764ebe804c72ae170

SHA512
593c314da82e8f2ce8be20c6e417461876ffd6d21e2fe6349cafaeb1b5504ff015c22758acb0f1c455093b06b539712ce5ef5546db67c57c94a0c955ed3a93d7

Download Submit
memory/2200-16-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2200-8-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2200-14-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2200-6-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2200-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2200-10-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2200-0-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2200-15-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2200-21-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2200-20-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2200-19-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2200-12-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2200-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2200-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/2200-3-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2200-4-0x00000000003A0000-0x00000000003C6000-memory.dmp

Filesize
152KB

Download
memory/2200-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2200-11-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2200-22-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2200-26-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2200-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2200-28-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2200-29-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2200-30-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2200-31-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2200-32-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/2200-33-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2200-34-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/2200-2-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download