ff4598d51b1eb067e7d38dd70caa54951bf0e1bd39152ca677bccf2f7de5deae

Analysis

max time kernel
144s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe
Size

306KB
MD5

2c2456cd81088f86b699b4ee0f7ec79a
SHA1

9a4163aa6869372e402c76ee26b3bdf6824dae37
SHA256

ff4598d51b1eb067e7d38dd70caa54951bf0e1bd39152ca677bccf2f7de5deae
SHA512

4b70c4c7f048626a70617fc980df655f02e049d0ad58eff78b2d018e2c4207c46c78dca66b415a25c0d277d9b0fd75ba6f59dc582082188e8edd8421d366e720
SSDEEP

6144:yOYGXaPNxdgSdcq2pVZPOJHAbK5T+trBo:eGqN/XdctpVtkpT+trBo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 3056	2028	2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe	28
PID 2028 wrote to memory of 3056	2028	2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe	28
PID 2028 wrote to memory of 3056	2028	2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe	28
PID 2028 wrote to memory of 3056	2028	2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c2456cd81088f86b699b4ee0f7ec79a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Winlok.vbs"
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Winlok.vbs

Filesize
224B

MD5
1afd9fb5837ae708f72ae26fd58c7ec9

SHA1
6ac2191a02a2419fe0d703dafe25696aa5522c2c

SHA256
ae576cd85e17597e94795abbb0263e8c8dc7734bb7c74a7807c67a314554ffd7

SHA512
d54bae4abc0146b73306243b174cbd1d769ce16cc65a50dd41f17076ef8b0ddc07a4a9eb8c714155c2fc725a3250f8ee56b7ea5f8e939a70d28f91508bc778f8

Download Submit