e5c7e0e2ce4a490db079c16b4b4c0888dddccb08395e83926d8a7c02e5a3ec5a

General

Target

692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe
Size

4.9MB
MD5

692dbef54cdc9aa6dbcf982ecd41b845
SHA1

675caa56ea6f899dbf093a3f71e7218975b119a4
SHA256

e5c7e0e2ce4a490db079c16b4b4c0888dddccb08395e83926d8a7c02e5a3ec5a
SHA512

5502204624b898d09898807f45e5806dc5dc49b514cbe95fff49847e031f8f72d7a89e88d8bf00b196d2b9470b25c594d0957e64ed33612368fb569f66a1a3c6
SSDEEP

98304:4QrIBOkRekDsHGe9hs9ahuqRpaLxxn7pJk7v1epj7PiUVPId:rrKTekIme9hs90hRpaLDnlJkxoj7Pd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

tor.exe

pid process

2616 tor.exe

pid	process
2616	tor.exe

Loads dropped DLL 8 IoCs

Processes:

692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exetor.exe

pid	process
2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe
2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe
2616	tor.exe
2616	tor.exe
2616	tor.exe
2616	tor.exe
2616	tor.exe
2616	tor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exetor.exe

pid process

2936 692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe
2616 tor.exe
2616 tor.exe
2616 tor.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 2936 692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe

description	pid	process	target process
PID 2936 wrote to memory of 2616	2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe	tor.exe
PID 2936 wrote to memory of 2616	2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe	tor.exe
PID 2936 wrote to memory of 2616	2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe	tor.exe
PID 2936 wrote to memory of 2616	2936	692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe	tor.exe

C:\Users\Admin\AppData\Local\Temp\692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\692dbef54cdc9aa6dbcf982ecd41b845_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2936

C:\Users\Admin\AppData\Local\Temp\Tor\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\Tor\Tor\tor.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tor\Tor\LIBEAY32.dll

Filesize
3.0MB

MD5
6ed47014c3bb259874d673fb3eaedc85

SHA1
c9b29ba7e8a97729c46143cc59332d7a7e9c1ad8

SHA256
58be53d5012b3f45c1ca6f4897bece4773efbe1ccbf0be460061c183ee14ca19

SHA512
3bc462d21bc762f6eec3d23bb57e2baf532807ab8b46fab1fe38a841e5fde81ed446e5305a78ad0d513d85419e6ec8c4b54985da1d6b198acb793230aeecd93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tor\Tor\SSLEAY32.dll

Filesize
694KB

MD5
a12c2040f6fddd34e7acb42f18dd6bdc

SHA1
d7db49f1a9870a4f52e1f31812938fdea89e9444

SHA256
bd70ba598316980833f78b05f7eeaef3e0f811a7c64196bf80901d155cb647c1

SHA512
fbe0970bcdfaa23af624daad9917a030d8f0b10d38d3e9c7808a9fbc02912ee9daed293dbdea87aa90dc74470bc9b89cb6f2fe002393ecda7b565307ffb7ec00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tor\Tor\libevent-2-0-5.dll

Filesize
702KB

MD5
90f50a285efa5dd9c7fddce786bdef25

SHA1
54213da21542e11d656bb65db724105afe8be688

SHA256
77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f

SHA512
746422be51031cfa44dd9a6f3569306c34bbe8abf9d2bd1df139d9c938d0cba095c0e05222fd08c8b6deaebef5d3f87569b08fb3261a2d123d983517fb9f43ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tor\Tor\libgcc_s_sjlj-1.dll

Filesize
510KB

MD5
73d4823075762ee2837950726baa2af9

SHA1
ebce3532ed94ad1df43696632ab8cf8da8b9e221

SHA256
9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b

SHA512
8f4a65bd35ed69f331769aaf7505f76dd3c64f3fa05cf01d83431ec93a7b1331f3c818ac7008e65b6f1278d7e365ed5940c8c6b8502e77595e112f1faca558b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tor\Tor\libssp-0.dll

Filesize
90KB

MD5
78581e243e2b41b17452da8d0b5b2a48

SHA1
eaefb59c31cf07e60a98af48c5348759586a61bb

SHA256
f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f

SHA512
332098113ce3f75cb20dc6e09f0d7ba03f13f5e26512d9f3bee3042c51fbb01a5e4426c5e9a5308f7f805b084efc94c28fc9426ce73ab8dfee16ab39b3efe02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tor\Tor\zlib1.dll

Filesize
105KB

MD5
fb072e9f69afdb57179f59b512f828a4

SHA1
fe71b70173e46ee4e3796db9139f77dc32d2f846

SHA256
66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383

SHA512
9d157fece0dc18afe30097d9c4178ae147cc9d465a6f1d35778e1bff1efca4734dd096e95d35faea32da8d8b4560382338ba9c6c40f29047f1cc0954b27c64f8

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
18.2MB

MD5
d497419b0346d8da9c1150344653de57

SHA1
db712fbdfd3a902746a27190e70697efce469986

SHA256
e67f020b29679e9648f77ee7b0a91b06031d20ce460326c972a7a2660100152b

SHA512
ab65d668ccc987f8d351689c7b009c8d75203aacda6f65c903384ef19604a904a5e66e69fff2911dafea74429d2db87481ff148001447df1655ceebf49a1743c

Download Submit
\Users\Admin\AppData\Local\Temp\Tor\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
memory/2616-42-0x0000000074010000-0x0000000074092000-memory.dmp

Filesize
520KB

Download
memory/2616-57-0x0000000073C90000-0x0000000073CB2000-memory.dmp

Filesize
136KB

Download
memory/2616-129-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-122-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-115-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-103-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-45-0x0000000073C90000-0x0000000073CB2000-memory.dmp

Filesize
136KB

Download
memory/2616-43-0x0000000073D50000-0x0000000073F6C000-memory.dmp

Filesize
2.1MB

Download
memory/2616-46-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-48-0x0000000074010000-0x0000000074092000-memory.dmp

Filesize
520KB

Download
memory/2616-47-0x0000000074011000-0x0000000074055000-memory.dmp

Filesize
272KB

Download
memory/2616-44-0x0000000073CC0000-0x0000000073D42000-memory.dmp

Filesize
520KB

Download
memory/2616-96-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-51-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-56-0x0000000073CC0000-0x0000000073D42000-memory.dmp

Filesize
520KB

Download
memory/2616-79-0x0000000073D50000-0x0000000073F6C000-memory.dmp

Filesize
2.1MB

Download
memory/2616-55-0x0000000073D50000-0x0000000073F6C000-memory.dmp

Filesize
2.1MB

Download
memory/2616-54-0x0000000073F70000-0x0000000073FE7000-memory.dmp

Filesize
476KB

Download
memory/2616-53-0x0000000073FF0000-0x000000007400C000-memory.dmp

Filesize
112KB

Download
memory/2616-52-0x0000000074010000-0x0000000074092000-memory.dmp

Filesize
520KB

Download
memory/2616-75-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-59-0x00000000009B0000-0x0000000000CAE000-memory.dmp

Filesize
3.0MB

Download
memory/2616-63-0x0000000073D50000-0x0000000073F6C000-memory.dmp

Filesize
2.1MB

Download
memory/2936-66-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download
memory/2936-58-0x000000007451E000-0x000000007451F000-memory.dmp

Filesize
4KB

Download
memory/2936-7-0x0000000000530000-0x0000000000564000-memory.dmp

Filesize
208KB

Download
memory/2936-1-0x0000000000FF0000-0x00000000014E4000-memory.dmp

Filesize
5.0MB

Download
memory/2936-0-0x000000007451E000-0x000000007451F000-memory.dmp

Filesize
4KB

Download
memory/2936-2-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download
memory/2936-3-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download
memory/2936-4-0x0000000006B90000-0x0000000007038000-memory.dmp

Filesize
4.7MB

Download
memory/2936-5-0x0000000000980000-0x00000000009A0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing