34f20f8a85fcc289b39ef0a2e15361a77cd94f868208280fbfbdd3344804284b

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 13:12

Target

20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe
Size

1.6MB
MD5

20aaeaf0dd9c0209eab13035a49358c1
SHA1

3071971110d844df6ea33101701861b62b12c9b4
SHA256

34f20f8a85fcc289b39ef0a2e15361a77cd94f868208280fbfbdd3344804284b
SHA512

b6f254b809f25d1323ce5c9881400edc222f193b387746164069c1cca741fca34ffb68b43cb89fade925e4c4dd9b5ff0355322cd5230525e08840874ac8a2b19
SSDEEP

49152:l7GjEwqvFcH8Bx9AD90SsLYOwZep0KbNjP:RvFccBx9k1DKZjP

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2688	Install.exe

Loads dropped DLL 3 IoCs

pid	Process
1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe
2688	Install.exe
2688	Install.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2688	Install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2688	1992	20aaeaf0dd9c0209eab13035a49358c1_JaffaCakes118.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\RarSFX0\files\NetPanel.ini

Filesize
339B

MD5
0ffdd1daba927b2e3df9dada3b18d56a

SHA1
d6eee2e03ce75282182cf0a4fc07306f528522fd

SHA256
8f7973b9f22295dd29373803d77bf3e250ec3a61ccc2c5760be07d9ed8649277

SHA512
70f1e7872ceb7e87a63ccd872b4cd8bdd3e3ec70ede3e767bcd43f53420e7324ea6a109527c1e85f509c26370158019e9c3577631c3d27510ea0043e542327ed

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Install.exe

Filesize
1018KB

MD5
d8261b5215e32da1bb32a03a207a6722

SHA1
9c46c455145ffcaa3c3a123568df7db7f08cdc11

SHA256
511b236e51d3095fe44ca091ee6d00677f842edbdcb1e849c60ae515b63798c4

SHA512
efea1a81ea1a53ba9c7b778a74a0c5a7557850d22396d928e88e382034806364afd008b131b66e6b2d07097481fe1865feab28d2c20143d9bf789db12325607e

Download Submit
memory/1992-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download