613f3b76cd41db829f79178b642d4ad2572f1e7f1942681f3b44b81c7877872c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe
Size

1.6MB
MD5

68c087f1601ab51088558b5a8f643a84
SHA1

95014992739f47066c6699d28f2e98473a72b070
SHA256

613f3b76cd41db829f79178b642d4ad2572f1e7f1942681f3b44b81c7877872c
SHA512

4a5e107837492df8eeca5e250712194f54b67fb917bdcd4f150ffe0f72aa174ed5c4d848f1008acc5253bf8936ee5d5bf591b55e8635bffdbc26f5b4a1926f91
SSDEEP

49152:nZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9W:nGIjR1Oh0Ty

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe

pid process

3000 68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe

pid	process
3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe
3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe
3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe

description	pid	process	target process
PID 3000 wrote to memory of 812	3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe	cmd.exe
PID 3000 wrote to memory of 812	3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe	cmd.exe
PID 3000 wrote to memory of 812	3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe	cmd.exe
PID 3000 wrote to memory of 812	3000	68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68c087f1601ab51088558b5a8f643a84_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\6374.bat" "C:\Users\Admin\AppData\Local\Temp\C856C7B0387A4E04A8B171C0989CC822\""
2⤵
PID:812

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6374.bat
Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\C856C7B0387A4E04A8B171C0989CC822\C856C7B0387A4E04A8B171C0989CC822_LogFile.txt
Filesize
5KB

MD5
acbeeefdcdaafa7a23f3412a0866bc3d

SHA1
87aa8fc0f5188ba1a75f68d734cfb5b84983a3d7

SHA256
1a7a55617271b6a02e027f13e0beb233b6fb95f05dd47ed15c69af957b7e77d7

SHA512
5fea3deda7376b1f38473833438c472524c2012aedbd43e1933349e11ceb8843384ffdf4a44384882e297bd21a2f618b6391996721a3cebb83c558232b28600d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C856C7B0387A4E04A8B171C0989CC822\C856C7B0387A4E04A8B171C0989CC822_LogFile.txt
Filesize
2KB

MD5
0e6097f584b345606684eb8a97e86e78

SHA1
3870fc564f09363ab152b55ae25542a781773ae7

SHA256
5190d74bf2bd472e6fd79e7e8562897f5cd7f97bb156eb335138db70076ac77d

SHA512
6510b9b85aadd5e858e18adb9c7ab4abcd731be5fc0d55c03e1c74083ec170c4f97fe3fd0232b8c5c40b749042061fe13ff509b222b311ea08481294cca1bd27

Download Submit
C:\Users\Admin\AppData\Local\Temp\C856C7B0387A4E04A8B171C0989CC822\C856C7~1.TXT
Filesize
105KB

MD5
81533c19175fb171fdcad59e96903e4c

SHA1
071e234b50c20d2da679a3532c12f7065de30b40

SHA256
e65182fa83749e65cf755146647fdd42e967e7e8730f30d6bbb8fa8bd58f676a

SHA512
1eb77450baa467bde863c222c7548816fc2ae1b253ce1a5bcf6e50a6db4e611e6901445771fd4a8f0ec309db2bc3718a340856f31ec9f49360ba9c8c7eebe9d2

Download Submit
memory/3000-63-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3000-181-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download