1afb545fd4bb5ebee1988a43264c93d6e5d2809f9b9736dcdd702059e4b46872

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 10:18

Target

34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe
Size

1.6MB
MD5

34159a0fee587dd20835ee5d9007d71a
SHA1

a3f2074bdc7b520c6e4e6b68016e89082d428c0e
SHA256

1afb545fd4bb5ebee1988a43264c93d6e5d2809f9b9736dcdd702059e4b46872
SHA512

82e9cd7c652fded635099d0c6bac4c8b3bd5e5e932f502f189858977e1fab334a5beaeac1d16c7c135da89a67af5458353042149745f1287a9d40cf02f507e30
SSDEEP

49152:tZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9i:tGIjR1Oh0Tm

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

pid	Process
636	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2972	34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 472	2972	34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe	30
PID 2972 wrote to memory of 472	2972	34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe	30
PID 2972 wrote to memory of 472	2972	34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe	30
PID 2972 wrote to memory of 472	2972	34159a0fee587dd20835ee5d9007d71a_JaffaCakes118.exe	30
PID 472 wrote to memory of 636	472	cmd.exe	32
PID 472 wrote to memory of 636	472	cmd.exe	32
PID 472 wrote to memory of 636	472	cmd.exe	32
PID 472 wrote to memory of 636	472	cmd.exe	32

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\1D6C1EC2536342E7BD15CB0799651C15\1D6C1EC2536342E7BD15CB0799651C15_LogFile.txt

Filesize
5KB

MD5
8e7273f7b0144fb9bb3307ffb25facce

SHA1
31feb087108086d6e8a8188a91d264c2ef1d6e2d

SHA256
c5756927b769b33fd2fed3e316857019805cd92c3bf1e2e297549085255ef231

SHA512
b65ca4e6ffaed5c8749ea40f2c38498566862af9df8374a7221f1fed9fae8e7531596c77850d6ba1b0175411efd1778457758200b7f1617f290ee72d39ca12b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1D6C1EC2536342E7BD15CB0799651C15\1D6C1E~1.TXT

Filesize
105KB

MD5
7f6bcb398a3974186df1d54c96f19563

SHA1
063acd78483f86c5304bcedac6a25f2710240353

SHA256
dcc0c4f074f98b13e6b7e82a3ac2e3702b23e248b85f0bdc85387c38d6079cf4

SHA512
727263b3d8cefe61b97f3fc2d17293c5a3d929c40ad24d9375b25593ab761acc344baa61ce6d1460a2e12edd89b68b6f4e0a4d484f415facc54193b507ca0a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\30697.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
memory/2972-61-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/2972-184-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download