7d63078c1cb2d9a0488f9cbfd2cdb651863a4ee06014eab5a54b4a6f44fbabcb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

058c8fe894dbf170107e11782123c077_JaffaCakes118.exe
Size

1.6MB
MD5

058c8fe894dbf170107e11782123c077
SHA1

4d1231a383e929f1b604595d873124b9be046b74
SHA256

7d63078c1cb2d9a0488f9cbfd2cdb651863a4ee06014eab5a54b4a6f44fbabcb
SHA512

2405c3695c9df4606e4f78d58ef7a82a3d1fa63c03cb7cbf3f95a20b8e68fd2eb51282d1b558491f005d2ef53204152d30cfa119f329b0fc22895678f8b316cf
SSDEEP

49152:/Zgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9N:/GIjR1Oh0Tp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe
1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe
1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 356	1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe	30
PID 1044 wrote to memory of 356	1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe	30
PID 1044 wrote to memory of 356	1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe	30
PID 1044 wrote to memory of 356	1044	058c8fe894dbf170107e11782123c077_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\058c8fe894dbf170107e11782123c077_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\058c8fe894dbf170107e11782123c077_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\24023.bat" "C:\Users\Admin\AppData\Local\Temp\B693024FB37D4C1A946E0DDBFEA8CD1E\""
  2⤵
  PID:356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\24023.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\B693024FB37D4C1A946E0DDBFEA8CD1E\B693024FB37D4C1A946E0DDBFEA8CD1E_LogFile.txt

Filesize
2KB

MD5
d0bcdc20bbfa2a6a20785d7c9f45bf31

SHA1
ada85d5bf59ebe02d52470432503e17eb03a7659

SHA256
0b2aad4009ba0f54637bdf25625762833c3ebcb56b829e2d41b42f5e6138f5e1

SHA512
a725b92222deff932aab491a3b6c598cca9f6d5816bef34362aa7bbaa33f09ea98784b5e4c47eac6ba2fc502f15358c37aa660a45617e980c21c388460140dc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\B693024FB37D4C1A946E0DDBFEA8CD1E\B693024FB37D4C1A946E0DDBFEA8CD1E_LogFile.txt

Filesize
5KB

MD5
e37de829dbbbd7c29d78ca73989d22fc

SHA1
5e7d18566f6a1a015b55780caf6d229263aa136c

SHA256
64db1d1aa13ca7385eb59876f56f0002248553ab91b2a74e5073f52a3bf77f21

SHA512
c104850b42ea8a253869f56b3b3d3b0a165a2bfe412f7d3582228ea0fb5c82b7542568b66f65fdcac3b54359302987123f3535bb5fd23843ede4f0ccec62ebe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\B693024FB37D4C1A946E0DDBFEA8CD1E\B69302~1.TXT

Filesize
109KB

MD5
1fb7d4c8360b9b0bbafa2212bbc63513

SHA1
e5759662fdf350e30108d77ffb2f87b802964ba0

SHA256
7f4dcd632c16acdd92a826945071a50d1c6dca83d8da87987f8a3b969be261fa

SHA512
75eb9e1605524c8c693de0b8075708f5d2c0142fcc95e277ff654f77c734120ad49011c9a99ab144d5b5b48e7d09c8034e4b883923d8eee4b812dd0674c5864d

Download Submit
memory/1044-63-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1044-155-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download