0208e48d291c7d58a45efeb8c896dc201a246c32378824d229b30e562a31bf75

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:40

Target

6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe
Size

204KB
MD5

6906c492b5cdef317fa2821fcea6c55a
SHA1

8b5fb0f4677cc8a8710b9e514a1f81ca44ae8d75
SHA256

0208e48d291c7d58a45efeb8c896dc201a246c32378824d229b30e562a31bf75
SHA512

1148c33077469dec239c6ac9cbe4c532d1bb5cbfd2133b7cc599d679ed5e09186bbce1f401f22a5b177a59a30e518183603d986f6ff4f35d453d2fb2827b79a4
SSDEEP

6144:Cf796MRAjXvujn/8JP3WWhnNDwyR/WIp4ktefFun:y79WjXvA4DR/WIp4nfIn

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1620 cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1620	cmd.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe

description	pid	process	target process
PID 2104 wrote to memory of 1620	2104	6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe	cmd.exe
PID 2104 wrote to memory of 1620	2104	6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe	cmd.exe
PID 2104 wrote to memory of 1620	2104	6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe	cmd.exe
PID 2104 wrote to memory of 1620	2104	6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6906c492b5cdef317fa2821fcea6c55a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd" "
2⤵
- Deletes itself
PID:1620

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd

Filesize
264B

MD5
18ad27187f207d7d669216ba6bd5bb47

SHA1
d869ee771aaa316272d9414feaa0de91b2828744

SHA256
6eef6bb9aafec00893fd51b5b04dc6780d38b743da38fad8e9d2137e9af44cc5

SHA512
03fda6509198a38e0fa8b26e23dd35c57439af3680c432b192a4447b5790bfc05a24c49a5f1f3b61a600d9940436d4293421fcab6252c6dd0f1fabf567232b8f

Download Submit