f7bbfb48bbe3a33814e8c4ac0303ce4dfe3a6651281cf466d0ddeecb76848c47

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:05

Target

63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe
Size

9.8MB
MD5

63e599d335b34ab6de97f6b672c42fbe
SHA1

06c9aeb70f355f54854a58564d74facc3b355af9
SHA256

f7bbfb48bbe3a33814e8c4ac0303ce4dfe3a6651281cf466d0ddeecb76848c47
SHA512

ae0fcff93f37bf6937ee19a41c07adcb2f3d1740199dd5bb9500b1d7216907c942dfbf55b0d1bed8cdcc17104f9a7b18e18254d253bed631d09bb5e971284377
SSDEEP

196608:0vbDdha4z0Ho7WLMQEThkSGHBt19GQzyoxG7yV37IlEgpR8pRkd66R42i5Ny36Je:0zDdha4zkoFGBL/rxOy5U8LkDQM36Q

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

2616 setup.exe

pid	process
2616	setup.exe

Loads dropped DLL 4 IoCs

Processes:

63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe

pid	process
1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe
1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe
1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe
1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

setup.exe

pid process

2616 setup.exe
2616 setup.exe

pid	process
2616	setup.exe
2616	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe

description	pid	process	target process
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe
PID 1688 wrote to memory of 2616	1688	63e599d335b34ab6de97f6b672c42fbe_JaffaCakes118.exe	setup.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup\1cv8.efd

Filesize
9.4MB

MD5
69edcd93cfd11cd8baa70a521e27b8ce

SHA1
e654d55a04d83e48f267342b04df29f171a3f64e

SHA256
7aedbdad7144588085e9c9ca565cddc9585309727c5955af37de62fab2a65173

SHA512
9018fdeef0e66dd51130f9e75fadeed087bc62086746b498c53574e74edc127c121b5a231496ea52c4e9dfd92dd94a571f9b3e7cdd9aaba5c3b1b55c0700b683

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\setup\setup.exe

Filesize
614KB

MD5
674c195e84ea6803d813990d64efc334

SHA1
038c16b1431922f07ccbe6ae8c9bdec3607c95dc

SHA256
dd4c5ff42ef0f6db08f14a96b9182d1e7f358b4b8f8eefb5a295fec8c38e87ca

SHA512
fc71add9b6a1e30b030070846c0b6caa69a3d37690893804b85ebce00566cd0315eb53155e831bc8d59525d32da0a802143f8c94222749ddb3f43cdd5e08c7b6

Download Submit