4f2efdd2451e46ffe30ee74617285deccac46843ab980177716791b0f0fe13fe

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe
Size

1.6MB
MD5

0ea02081e34f8f85c8f76619179bb843
SHA1

5ccf5421625b1de7d96bbccb31db0d4be0d30bce
SHA256

4f2efdd2451e46ffe30ee74617285deccac46843ab980177716791b0f0fe13fe
SHA512

603f2c883ed6634d903e49b8b3c649e4ec09d2d2a23f459c438f007329274df09f0edc9f9232cbc2bb126ccd39bf82df8dc015abc62e38c729856aa105b0f2e0
SSDEEP

49152:lZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S93:lGIjR1Oh0Tr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe
1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe
1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 600	1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe	32
PID 1688 wrote to memory of 600	1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe	32
PID 1688 wrote to memory of 600	1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe	32
PID 1688 wrote to memory of 600	1688	0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ea02081e34f8f85c8f76619179bb843_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\13310.bat" "C:\Users\Admin\AppData\Local\Temp\3ED0A404EE6D4DED9AE2E3C6BA3ACB35\""
  2⤵
  PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\13310.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ED0A404EE6D4DED9AE2E3C6BA3ACB35\3ED0A404EE6D4DED9AE2E3C6BA3ACB35_LogFile.txt

Filesize
10KB

MD5
4169666d955be3577ceb8db988db81a3

SHA1
41d0e4298197587a2fdd56a937cd30323400600c

SHA256
932639a26e531df978e2213355e920d95861216e2b8265e4e45cbc5d786e8147

SHA512
c51f842d6ada4b06f2b4f1058319954fb0fe0533a1dae534261910ec3d122003bc2e6f4dd8f67f2ba33624ec5c179ffee6bdc3ac6fa4cf995afa82936d0f2612

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ED0A404EE6D4DED9AE2E3C6BA3ACB35\3ED0A404EE6D4DED9AE2E3C6BA3ACB35_LogFile.txt

Filesize
2KB

MD5
34df031acd7ff133024551e7f3dbca0d

SHA1
89c11e53dd7681e030296588ae835a30c0708faa

SHA256
60a28ee391b5cec5a69c0b250e6871534da780a37c53230d43c04bc24c4659bf

SHA512
70fe867325a61c7702fd6bb02c6f4e58c1162386c6442abee468ecac1e733f4d439d96d3112f7fd9b3fb9269cd21cccb195c45ff8568a4e477401d4b412dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ED0A404EE6D4DED9AE2E3C6BA3ACB35\3ED0A4~1.TXT

Filesize
102KB

MD5
4feb8b2271c6473d949ae746bddd3aee

SHA1
287c23d1e2d29f63c71129a6e00ceb12cc9af2cc

SHA256
70792ce892706cddfe9ec5fdf7ee45879f62e5c3c7bc25095c35009bd146b7d3

SHA512
79a143e5757d3f85be6cf3c23a6d18f0d52a26b1a131b45eb4424467f4f63bc998ea3b6bc4ccc9dd8f29ced15c7f392188ee1439acf1c66e0b741bb433077536

Download Submit
memory/1688-63-0x00000000002E0000-0x000000000048C000-memory.dmp

Filesize
1.7MB

Download
memory/1688-182-0x00000000002E0000-0x000000000048C000-memory.dmp

Filesize
1.7MB

Download
memory/1688-253-0x00000000002E0000-0x000000000048C000-memory.dmp

Filesize
1.7MB

Download