60fdba6932c96b8acb151a557ebab50886be643d5ffdf991c87771fa040d1bfb

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
Size

492KB
MD5

10aad0297bfcd915ca954fcbb2c3b32c
SHA1

5670f76213fe0f64451771593b37520a9225dbe0
SHA256

60fdba6932c96b8acb151a557ebab50886be643d5ffdf991c87771fa040d1bfb
SHA512

a74ec25c75c7ec6ee2372ec4203853a375f8806c013729d4f9ab0aa7ace23fe3362a75c5b8a193c00fb40d2bf42223baa16167f6263260dbcef5df40d3547ed3
SSDEEP

12288:1/Tp0ZZOtb4VkYUBk7ODwiV6ng6rXW9os+AiyBp:1dg4tb2U2OwiV6geXWesnn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
2104	10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\10aad0297bfcd915ca954fcbb2c3b32c_JaffaCakes118.exe"
1⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Language.ini

Filesize
4KB

MD5
ffb6f7ba01aa450f9e17b5e5b21ec77a

SHA1
e8d72ef33299dec86bd7e916abc33f5eb3995c54

SHA256
f4c23a012bb00f9fb4d7dc1b2f562f7d08692858abadb96b081404bb5fe4d064

SHA512
b523dda4a7d7d145881c22c7204758af48e824bf1d5779d50853086f3ef0f2fd084b0a8af10a2a4a526f21dcb18f4d851c536bba77839f29d4fe192c6f49a44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Language.ini

Filesize
11KB

MD5
8c628b3eaf659ac54989be7394e6201d

SHA1
6426ce0eb51317177f6ee5b33e2116cf99d7b2b4

SHA256
0d9fa8a3472fa440ba2c6c44c930cd2488f73230220832e0e5af13e58a291049

SHA512
7de835ec17be1378b31440d562d977e9ad02dff7a7076365937262afbc131c8344d149003f3f3383238729a49f1d06d57f84a232b6148ebda81466ede13c51eb

Download Submit
memory/2104-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2104-1670-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/2104-1672-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download