31fc67e691f97496404ee6db955aecf0ed15a620270637433b7ec182f441e508

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe
Size

2.2MB
MD5

65b8821bec26f4abf1432db31fa8275c
SHA1

f8078d74f99215df8c3af09c809e0902145edb29
SHA256

31fc67e691f97496404ee6db955aecf0ed15a620270637433b7ec182f441e508
SHA512

aeff427113d366c38cb9c9e0633f2ab8fd7a1576c0fddb64aeb40d1b0aef82e619542600b78a9508f962c12653ca770ec1736466e7cc025792f9e4f58a726727
SSDEEP

49152:2rIDRWlhI7kmA9CVPuPzXrUgW9JLUgF+p:2ORWDI7kXCVPtTs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

uninstall.exe

pid process

1944 uninstall.exe

pid	process
1944	uninstall.exe

Loads dropped DLL 4 IoCs

Processes:

65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe

pid	process
2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe
2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe
2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe
2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe

description	pid	process	target process
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe
PID 2284 wrote to memory of 1944	2284	65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe	uninstall.exe

C:\Users\Admin\AppData\Local\Temp\65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2284

C:\Users\Admin\AppData\Local\Temp\{D27PLA72-DCA2-5JIA-B8CB-D165ZHUOA25}\uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\{D27PLA72-DCA2-5JIA-B8CB-D165ZHUOA25}\uninstall.exe" /uninstall /file"C:\Users\Admin\AppData\Local\Temp\65b8821bec26f4abf1432db31fa8275c_JaffaCakes118.exe"
2⤵
- Executes dropped EXE
PID:1944

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\DVDFab Passkey\Log\install.log
Filesize
663B

MD5
4bc01463c7695f5311569d62a98c2870

SHA1
6ef1631dd28ddf2e44505f60e1e28fa5f0636e44

SHA256
b12a3c716f357b951b47ed587984b6c7a359892e80f39a3ff411fd6b08cb16aa

SHA512
e2985aeede6d2ab32e1a7d1b8280654f789bcf03a74fc0e9e49ba0d30d578f7ec07bea5c190dc46d0dcb726742b46f35967b4a72fb77fcf3d59a62bb5b1b2809

Download Submit
C:\Users\Admin\Documents\DVDFab Passkey\Log\install.log
Filesize
270B

MD5
b7c963dae77304b3fed5d9f3062c261d

SHA1
0728e124e0d45e7a8f8850b7592c6a2636951f9c

SHA256
727b3a594ef551196d3c0a324fc2496ab30781646e2632809b87cac7c7cd9379

SHA512
0136e945ec2b30a1ecfed1742457850d2d4a73d7090523142624d960fff01b694b768823cc61bf43ca10bc4095bd2c53cee0481beae61f99e665cf2a950496e0

Download Submit
\Users\Admin\AppData\Local\Temp\{D27PLA72-DCA2-5JIA-B8CB-D165ZHUOA25}\uninstall.exe
Filesize
2.2MB

MD5
65b8821bec26f4abf1432db31fa8275c

SHA1
f8078d74f99215df8c3af09c809e0902145edb29

SHA256
31fc67e691f97496404ee6db955aecf0ed15a620270637433b7ec182f441e508

SHA512
aeff427113d366c38cb9c9e0633f2ab8fd7a1576c0fddb64aeb40d1b0aef82e619542600b78a9508f962c12653ca770ec1736466e7cc025792f9e4f58a726727

Download Submit