a6582a66bdb45f46de5fc6823ff723575b0bb480b65499575ca631dbd52b3881

Analysis

max time kernel
66s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe
Size

180KB
MD5

0176acba45c9745710e4c6fdc4adee83
SHA1

15bac45eb02325ebae9daba355ab77e3a689696d
SHA256

a6582a66bdb45f46de5fc6823ff723575b0bb480b65499575ca631dbd52b3881
SHA512

09e737aa448b1f072d63ffa26485d860688834b3fd04c33fbc01c0ec6bf75fabb2d033349fbaca8cadefb7b1474d55d9f832e25220aa1f8d9d5b4ecf5e572d88
SSDEEP

3072:dP95fwVjSH3MZ0YQRYrgWbNPpEe3f1C/q/CM4BoQF9n:dP95Eq3MqYQugIf1CCwn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2392	1860	0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe	84
PID 1860 wrote to memory of 2392	1860	0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe	84
PID 1860 wrote to memory of 2392	1860	0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0176acba45c9745710e4c6fdc4adee83_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yyyy.bat
  2⤵
  PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yyyy

Filesize
180KB

MD5
c5f337797b4cdfd635d8e4e5fd292686

SHA1
d9edc4bad6fe2300b5ab0228ee1a6b57ce193d99

SHA256
699bd063fb1af3a8c91a1f01bf068c0f164121527ec3d166dc762e96fcb78e04

SHA512
1f49309ff87eef6f3624feaa3bb1ccd049c99cf87fb0eaeed9301b2cf089d6fa0d6b5be692f3f7e8fcd716d711a7890bdd0f35fa0225c26e17c3c23a901a1655

Download Submit
C:\Users\Admin\AppData\Local\Temp\yyyy.bat

Filesize
337B

MD5
f8a635ca03a6d09019ef04c702a567d6

SHA1
1fedec3a90f54ded1b7bcf43435de99881b4a802

SHA256
c41283f033f3556090ed2841b2f409a990fad118055662df58780d9884e8e59d

SHA512
8ac22d4360f3ebbda8cff0ebf32d3ebc521252a40e3ba47bce4079487b8a5db900da4d281509a37e0714514950bb30474818daefb78449b6c272dbe89cea38e8

Download Submit