096c46f607189ce8880755ba0425d763f484244d6f5f52f4dad4bc46b2f577ee

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe
Size

762KB
MD5

46d6300327273a9ab93719d05d8fe235
SHA1

ab62cc8055f2813f42dde30c1aab70d232fddda7
SHA256

096c46f607189ce8880755ba0425d763f484244d6f5f52f4dad4bc46b2f577ee
SHA512

33b345304de79a0f955f4981e3ffdb430cfea1a28a30b2a262e22ade7f00b274987dea1d05667a57087aaeb15bfc5efad6ece1f58c7a68254b396605558bb64b
SSDEEP

12288:atobirltpeTtNXmLFhppAEDlPRCdc5XY/ouP9Tk284UhzSX65rdAmawrm29fPTnT:atDltItNW7pjDlpt5XY/2TkXKza/29p1

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe
2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe
2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2328 wrote to memory of 2096	2328	46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	28
PID 2096 wrote to memory of 1000	2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1000	2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1000	2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	31
PID 2096 wrote to memory of 1000	2096	internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Users\Admin\AppData\Local\Temp\nst29C1.tmp\internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\nst29C1.tmp\internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe C:/Users/Admin/AppData/Local/Temp/nst29C1.tmp /baseInstaller='C:/Users/Admin/AppData/Local/Temp/46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe' /fallbackfolder='C:/Users/Admin/AppData/Local/Temp/nst29C1.tmp/fallbackfiles/'
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\10778.bat" "C:\Users\Admin\AppData\Local\Temp\837EC41BF30140B29D9DE2374BACF4A6\""
    3⤵
    PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\$I0RECAU

Filesize
544B

MD5
cb4ab7de61200826bd5dfb1320c287b1

SHA1
51c0d7ba8b6f185a0e7ab873b662736438ed98c2

SHA256
cef2bf05195bb4e13a8c404b15bbae3dc423a7d4408b876aa82cbd99b3008c2d

SHA512
65641b6c745993f5cfe595c983aab914975ba0591d9be81da4810a58fc8f2ff9e8ece39ef774ad76f53ea518161caa96013c15e55affbfa89b3d9010649b2fcb

Download Submit
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\$I5Q6XJ9

Filesize
544B

MD5
33c053e25118966715ef8ad3419c3d00

SHA1
01803fddd632a826a134eaad01ee23d9a998fb1d

SHA256
d2c183243ab98da6ff257364c7cae91dc6062116810b97e2d514338c06443570

SHA512
873f9db40134cb32e3b3ef6c2ed034e7fe0448c916d7508858fb48f5677f69ffae75f14b5bf3b6f70492dbb61f22cc1108c26aeb89181d1ae390f228466ad707

Download Submit
C:\Users\Admin\AppData\Local\Temp\10778.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\837EC41BF30140B29D9DE2374BACF4A6\837EC41BF30140B29D9DE2374BACF4A6_LogFile.txt

Filesize
2KB

MD5
a117fa353d6398a224dba9a3a0f0ae9f

SHA1
0fba8530da073d21ef327fbb6ef6953af7905bfe

SHA256
d2c247543be2ac182b1b6f7f330ec3ff2f88fe2dafd7f041866b74b31b523d61

SHA512
3197c339212c120bcb62c819e8ec8c1b5d33e67683a9418f4d8e2f1e6ec5d5ddd0b3c20309044564df4d5f634945a46cc57916e4c798eec7c7bd8232568de0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\837EC41BF30140B29D9DE2374BACF4A6\837EC41BF30140B29D9DE2374BACF4A6_LogFile.txt

Filesize
3KB

MD5
e23c25d43dd1269e6b849459a1b9566b

SHA1
4b7fb50030a7b19e1d40361b6c35e3532fd3d973

SHA256
2db2ce29df54966187a61fde570258d1d4402fcfc2b31ba744df877a3b2fdeb4

SHA512
eab379125aada06c4af3cadba5a1e7d25eed7985376cc914a151098bfa6cec834930c4ea7c7ae522f48b41f012cd477b7e3cf118ca392ff6ba3ef98b6036c1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\837EC41BF30140B29D9DE2374BACF4A6\837EC41BF30140B29D9DE2374BACF4A6_LogFile.txt

Filesize
4KB

MD5
b2b11567c33420f39e57fbf6a74f9402

SHA1
96dd71cb8c0eb3747ba75cc93b99566a8499134d

SHA256
0ad27306157809768bdf1be8481aaf909f10b7aaabd06ff8a6e2e0a02239f0b5

SHA512
1d98543e8d4dea93b56d679552114eb575d3f726b0e903aaf5e35e0f9b0a4adb16119ba226c4e4b94cbcfa668aa3f5a15acfc06585584c6007edb99d90c46f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\837EC41BF30140B29D9DE2374BACF4A6\837EC4~1.TXT

Filesize
27KB

MD5
fed050244005fdfc7a18b3b8f741756a

SHA1
44471a4d2c54f443635d664179b2b8f845fafe50

SHA256
74fb82b6e06fa8bf36dd762e018b52b57f4f1b067b2297738196cd48ac3caaf8

SHA512
2eabd0d2379d24494cd11f9bdcc957c0aba17c9806af7a807b2c09f6e71ba12c95f4006296d8f08e1d2b855feb4dad5db6c9660eb8f5ecac0b9ad46eed767cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst29C1.tmp\internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118_icon.ico

Filesize
31KB

MD5
1f047e870359e4ef7097acefe2043f20

SHA1
82ab7362f9c066473b2643e6cd4201ccbf0bb586

SHA256
f8aa104cfb7abbceac412d4906ce10f5cf576dd4eb9a525103946d692c55734e

SHA512
e4e779676d19d84507250adcffcd9cba99c1666f7678f832c03e41f5f264d16a43ae924d8e29e783d84b2742be1a45803aec99a36b9a3784c4f2d6edd297e286

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst29C1.tmp\internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118_splash.png

Filesize
65KB

MD5
ef1514e5d2bcf830b39858f0736d7de7

SHA1
832214b62cb3e56f858a876fc3f09cb3c3324cbb

SHA256
c61599b0e0207ac5f7db1551e96818ec4abcbf77def4afe00fb2bbccc2ca6bb1

SHA512
cf547ad17ca774bb18c3931625eb3c7b6fe208af433332efa11653605f346d5449289739dbce66aef1c50fb134966419defcb02fd5bb206f8a2211f0e4b0e45d

Download Submit
\Users\Admin\AppData\Local\Temp\nst29C1.tmp\internal46d6300327273a9ab93719d05d8fe235_JaffaCakes118.exe

Filesize
1.7MB

MD5
d4c16982f8a834bc0f8028b45c3ae543

SHA1
9d9cec9af8f23a23521e20d48d9af1024663a4a7

SHA256
932badf8ce27381bd595c9d861d7f7142fe98f233a893a2003a5f5e5ec163b3b

SHA512
c94b8d978afac107c08a5405cf9510e48d4bcf1284292eee1d08898f1c7a43a83a9655dc4d85d27d3b825e45a8f136c7beb71405fab94bb5e2437b7c4ad44b5c

Download Submit
memory/2096-76-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2096-211-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2328-120-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2328-294-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download