7c3cc60f68c16e5f946855e9935f5955651b9133f039dab0c8368b440c990f3f

Analysis

max time kernel
141s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:04

Target

65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe
Size

1.6MB
MD5

65a11d3066c8d91c527973b80f679522
SHA1

fb8a7b3c14014fea0fc7d457b2047b32aca88035
SHA256

7c3cc60f68c16e5f946855e9935f5955651b9133f039dab0c8368b440c990f3f
SHA512

efadf1ea37fa6634a85ae64317f7faa70783deb4ef3c3b843a8b1008bfb73992216ef938458765c8192c123179f500c14b7e695ac82e04ccffc8caf04e1245c1
SSDEEP

24576:02BbEKosPAZ3ZOOKfs6NL0CpszqtPUfRQI5n5PmSGj69bA5rV4Yihe5CpnB:Nbz183QRNLTeqU9PGjebA5rOYiZnB

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp

pid process

3248 65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe

description	pid	process	target process
PID 4264 wrote to memory of 3248	4264	65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe	65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp
PID 4264 wrote to memory of 3248	4264	65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe	65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp
PID 4264 wrote to memory of 3248	4264	65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe	65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp

C:\Users\Admin\AppData\Local\Temp\65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65a11d3066c8d91c527973b80f679522_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\is-AKI0J.tmp\65a11d3066c8d91c527973b80f679522_JaffaCakes118.tmp

Filesize
1.2MB

MD5
e7106fbf42fbc6d5b08a18ada4f781b4

SHA1
36d4a629f79d772c0b0df8bd2ae2ea09108d239d

SHA256
64e1f1fa7d91920b17bc7bc679a4cd8d87ff5b104318b6921bb6bf6a19055635

SHA512
adf876296a952aadeb4f25211c0939bf5a278809b5d3007ad7e26c5d4975e7684d242c1b3de796efd474a47cb7ecdb80f9047935924a1108bf0e4d7c973d1845

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C8QJB.tmp\setupcfg.ini

Filesize
44B

MD5
31e101d208a8761c789319c8c37c2f36

SHA1
e624f0cf0fa2bc00e98e1ea7f90fa04cbcd1fa34

SHA256
e66d0845813bc1d81c6f6cdde9f9abdd2c0ae3916942aae4372488d6770f250c

SHA512
164ac22f35c222496abbb19c4c3c9f1ff63cab63525e87ea2a764b8d77523f39d8785e764e393b4adddc1364089d1d6af18e75da4cf01bbc4ce1a90821143923

Download Submit
memory/3248-7-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3248-44-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4264-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4264-2-0x0000000000401000-0x000000000040D000-memory.dmp

Filesize
48KB

Download
memory/4264-43-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download