eb50a486e862a2a953711dd5a9a0932af71253d5ca7c48261bcf515fc914b69c

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe
Size

390KB
MD5

119cd24ddb2549f6fd9a1548d89df7ea
SHA1

d47fa779133a79ebc073de420db8ddf3a3c96081
SHA256

eb50a486e862a2a953711dd5a9a0932af71253d5ca7c48261bcf515fc914b69c
SHA512

c277430fd8c42bfcb557e786fce4392502c4e3d0f4a7a7ef43401fa923e8014bc2a151e0113052139a6a3a86c8e78a8c6d5bfd8ae4a3bd89ae736d903c08893a
SSDEEP

12288:djODTivF9GVlkURZE+YHA4kjstRyNCDUgwcp/fE:djOytIL5E+fQtwNNV+fE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2168	HCSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2168	4892	119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe	84
PID 4892 wrote to memory of 2168	4892	119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe	84
PID 4892 wrote to memory of 2168	4892	119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\119cd24ddb2549f6fd9a1548d89df7ea_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Users\Admin\AppData\Local\Temp\7zS3A59.tmp\HCSetup.exe
  .\HCSetup.exe
  2⤵
  - Executes dropped EXE
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS3A59.tmp\HCSetup.exe

Filesize
671KB

MD5
aad7640bee0e570e3161203f31cefbcf

SHA1
e0dbe4009b7d7abd366af77720c155cc10b602d1

SHA256
ff81d507a1284cae0b87a25810e403734ac4ca8a4b239d455c49a19929ef541c

SHA512
b8b32d729aa117c7477d1442e035fdbab07db47bf5cd2af82246e83cbe07ff3f6255de3d05f5c5dc7ae2b762628642d0aaaea837466bc93a32190773d43bbaeb

Download Submit
memory/4892-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download