326cfbda2969b2ab9c6f72480aa443cce112482bd1d5e354cb8c572fa9817d03

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 02:38

Target

08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe
Size

156KB
MD5

08d701fea25937c46ab1af409e3f22d4
SHA1

9d09842741ef59901ca4855610569e08024f8605
SHA256

326cfbda2969b2ab9c6f72480aa443cce112482bd1d5e354cb8c572fa9817d03
SHA512

5e8ba97bdf5603ce47a4786646b12f0d81d4aa314f1762d6d4b71e7ead22e6c010964eb84f78a9ad3901ad26fdca697e890b1d252c23aa27c103f2e4383ab45e
SSDEEP

768:G/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfLx:GRsvcdcQjosnvnZ6LQ1Ex

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2712	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe
1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe
File created	C:\Program Files (x86)\Java\jre-09\bin\UF	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2712	1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe	28
PID 1364 wrote to memory of 2712	1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe	28
PID 1364 wrote to memory of 2712	1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe	28
PID 1364 wrote to memory of 2712	1364	08d701fea25937c46ab1af409e3f22d4_JaffaCakes118.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Program Files (x86)\Java\jre-09\bin\jusched.exe

Filesize
156KB

MD5
01ede9aa0a016694d3694bb395000926

SHA1
b33427b0a4f1553e01c89a551f23fc3f7a7100db

SHA256
18a82fcb46188038bb41a43e34684f5f69a3bec4c0131963f9d8042a1ef5b48b

SHA512
79bd232581ddeefc912fae6ee9ec1e81f6f19f2aeb9efcba72716ac56b038aea93ba33321338b04d7fe9bc27da8889c425c1d02adbef7b092fb1f77140812d49

Download Submit
memory/1364-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1364-7-0x0000000004A40000-0x0000000004AAD000-memory.dmp

Filesize
436KB

Download
memory/1364-13-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2712-14-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download