8d7c1f4f7bca64b9b9efbe2f2f6c20dbd28d9b25fdc2738b309c7e1635f20b9c

Analysis

max time kernel
147s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
Size

282KB
MD5

ff10a202db671de2ab87ae64a09273a3
SHA1

dbfdb1c7e1f1cec7b785f3bedadae62540d1d2af
SHA256

8d7c1f4f7bca64b9b9efbe2f2f6c20dbd28d9b25fdc2738b309c7e1635f20b9c
SHA512

f0d3dde1e899f0b88b5428d6ddf2bd36beb479c29d3170cd626b0fb962d97456376dd42bbea7805e5553cd2a95f3a567bcfc6d1e69378d950e91f762c0b4b391
SSDEEP

6144:BsojPn6I2muHl7Ab+w14cnMbD98MH8P8MpPC:F6IEl7Rw14cMbD91i8Mk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 5764	656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe	101
PID 656 wrote to memory of 5764	656	ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe	101

C:\Users\Admin\AppData\Local\Temp\ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff10a202db671de2ab87ae64a09273a3_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.hdmuvies.com/
  2⤵
  PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4080 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3944 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5148 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5432 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5668 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa8569.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8569.tmp\blowfish.dll

Filesize
60KB

MD5
926e4475c00fb5254c32c876921b77d0

SHA1
8a55bc8b6e49021a4abbd441783c41d5e019798b

SHA256
d54c8582863c079996c4f1113b1c106204773ad9ea2ae831ba2b33b45bafdfa8

SHA512
53f389e1a967c123ed591c7650cf6d3140abf1012dcac90faf2327e68558949eb2b19905098bd14ab3a9811d23f98466f88418d992ca6373f94afae56a285bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8569.tmp\nswebgui.dll

Filesize
157KB

MD5
d9a739b933fcebe78f5bccc005a9c36b

SHA1
cde6df6c85343dbd43fad1e888eca40cca30f117

SHA256
39a7ef02acd716addb714ef1a8748ee300f8fd14f8f030a6e9dcab236c202f37

SHA512
0090e750bcf7b3224567fa75e8832c41fd64029dd1c6a5d947aa8d12f507e4557a9ecbc26b276a2b689422c4e7f07620e2fab86d2564d7a3ce2c0cab41443ab6

Download Submit
memory/656-16-0x00000000023C0000-0x00000000023EC000-memory.dmp

Filesize
176KB

Download