c498345b96b194842400ff0faab33a9f2beec21e839a72c9a06b4e081d08d443

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe
Size

1.6MB
MD5

31b55c23714e97c39b4dd0554758bb4f
SHA1

7da41af8ab3e3767ba2de4fa72612368fb83ae2a
SHA256

c498345b96b194842400ff0faab33a9f2beec21e839a72c9a06b4e081d08d443
SHA512

cf0578389e776b96520fbad9caeea65ddd0007152de4865855244e76beb6418fd23c43a4b538c74295ce090d110517daa4b092fa7d2f10e7f5938feec035861d
SSDEEP

49152:NZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9O:NGIjR1Oh0Ty

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1772	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe
2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe
2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 292	2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe	30
PID 2416 wrote to memory of 292	2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe	30
PID 2416 wrote to memory of 292	2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe	30
PID 2416 wrote to memory of 292	2416	31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe	30
PID 292 wrote to memory of 1772	292	cmd.exe	32
PID 292 wrote to memory of 1772	292	cmd.exe	32
PID 292 wrote to memory of 1772	292	cmd.exe	32
PID 292 wrote to memory of 1772	292	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\31b55c23714e97c39b4dd0554758bb4f_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\18872.bat" "C:\Users\Admin\AppData\Local\Temp\F04064AC779B4272AEF0E1F406BBEFFF\""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:292
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\18872.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\F04064AC779B4272AEF0E1F406BBEFFF\F04064AC779B4272AEF0E1F406BBEFFF_LogFile.txt

Filesize
2KB

MD5
c167a95129a5f241ad28cfc5406a5972

SHA1
80139411a743dee7e066d7fbb2e8f1b9b6843847

SHA256
3bc0f02d758f3030bbb621881b201c95aa95641ef40a656f9390c5cb611af9f7

SHA512
4af881fb33d79b8bd86e0ad292dedaf5f25b64157aa84db37f0fbd20484460c03ed201aecef5d200ba8e747c3605525cd3266942feb97e0250152960e9683102

Download Submit
C:\Users\Admin\AppData\Local\Temp\F04064AC779B4272AEF0E1F406BBEFFF\F04064AC779B4272AEF0E1F406BBEFFF_LogFile.txt

Filesize
2KB

MD5
5b2d98e1bd0f1a8010c72845f62b8fbc

SHA1
2bcd3df4106ec0d51f72bd5d25c4a40a429ae53c

SHA256
eb0c3616d8de1c7a7ee715f7b362dfc9ca7754cea6c2a2e90ad0673d52e11db5

SHA512
1282e27666f4342fa474f71df722f1c297329f7e915a16ff42866f80bf2f6194a7dd5dabbbce69f88b95a1bdd2ba286f40e4f6f8d9149d14c032823980d0be3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\F04064AC779B4272AEF0E1F406BBEFFF\F04064AC779B4272AEF0E1F406BBEFFF_LogFile.txt

Filesize
5KB

MD5
20621a2988373dc7fb91abb713002dad

SHA1
03f1ff9732d83595e79da592e035caae811683eb

SHA256
6ad613b17813601b820d55ddd8e688a37cc8e12d5d3a1b65f5c83d611aae695b

SHA512
40603b8c762d0fcc4aa473cfdf6d3dbfe97df82abedb575f82b6c6cfb2d52dd891a498995098766f40e2685ff4ea8ee74b0305aa42443b55776a391432e12409

Download Submit
C:\Users\Admin\AppData\Local\Temp\F04064AC779B4272AEF0E1F406BBEFFF\F04064~1.TXT

Filesize
106KB

MD5
ae4ddfec17036479703f2586b477e579

SHA1
e92515ee0dc66cf452fd2d8499747f6b9029ca6f

SHA256
880212ad3be33db3e5dc643964b2970edf02a912866209ae6203be6463cae772

SHA512
aee335f43236f3c3a8238d4ce0a334248aa962036ee82d1ab7dbf94ef21dc9e2433ccde12a26f3e418af9b478ce79410156007c5e9ed4729fbcd8cd378ccd776

Download Submit
memory/2416-63-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/2416-186-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download