Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
15-05-2024 21:34
General
-
Target
4823ece818f820f1074642453651afd9_JaffaCakes118.exe
-
Size
259KB
-
MD5
4823ece818f820f1074642453651afd9
-
SHA1
ce6573d19e4ab6b97c29cbd4a540c6b9987087ba
-
SHA256
1282a0833d9c7c08cba67ad6424cb6205fd6d997a7d8e789be07d9db2381f487
-
SHA512
dc17dfc8c66dd2947d7dcb8c4882ffa3c54851e990a7e53ccd481f174c3cd14ce91e30fe96153e7191b82bf0d65d7f8b10e1bfa806725303e1215ffd41b22eb5
-
SSDEEP
6144:Btzsb5Uh28+V1WW69B9VjMdxPedN9ug0z9TB9SSxINku2wGmvJ+CcV/iU3GSN++r:BtzE5elwLz9TrdxXu0/6AhN++pQY
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4823ece818f820f1074642453651afd9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4823ece818f820f1074642453651afd9_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1C86.tmp\1C87.tmp\1C88.bat C:\Users\Admin\AppData\Local\Temp\4823ece818f820f1074642453651afd9_JaffaCakes118.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5491b85c0e0dafb3a1bb8886598842434
SHA1d92772a0165423580f092e7873132c116052e149
SHA256b3780312ca7547d7895a5204748057d6a6c2671df26a2e0215cab09905a4b26d
SHA5121444d2f22d166326d1a6af8ed46285196c1d6732f22ca1c8e0eee2d7445923d35ad114ce2769bf6266b84f66772ac8ef069b5d6b7393c0fe0e559d84eb440b3b