Malware Analysis Report

2024-10-19 07:11

Sample ID 240508-v63xpahh27
Target 258c60b279a8debef184b5c01766604f_JaffaCakes118
SHA256 20a58ef0190c09058cef8c973a92a39a1aa125a350cd47e381d44937983274a9
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

20a58ef0190c09058cef8c973a92a39a1aa125a350cd47e381d44937983274a9

Threat Level: Shows suspicious behavior

The file 258c60b279a8debef184b5c01766604f_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Drops desktop.ini file(s)

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-08 17:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 17:36

Reported

2024-05-08 17:37

Platform

win11-20240508-en

Max time kernel

1s

Command Line

"C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe"

Signatures

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\assembly C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe N/A
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Network

N/A

Files

memory/2656-0-0x0000000075051000-0x0000000075052000-memory.dmp

memory/2656-1-0x0000000075050000-0x0000000075601000-memory.dmp

memory/2656-2-0x0000000075050000-0x0000000075601000-memory.dmp

memory/2656-6-0x0000000075050000-0x0000000075601000-memory.dmp