2f729a65319bf3209a345d3d093e520071573311453609c7078772ef954675de

Analysis

max time kernel
130s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.exe
Size

380KB
MD5

6c2c7687356c4bf88dd0ecf4fda55186
SHA1

7775332c07eafe3d3e8111c63a116446d298212c
SHA256

2f729a65319bf3209a345d3d093e520071573311453609c7078772ef954675de
SHA512

0926f361c571d6763fef1e9fe20eaf276a2e56db189d944abbc565213bf257aaf4554565f97f36b61800dfbce951d0b8444b9226499fd6da582eb503452d362a
SSDEEP

6144:lD3Sv9gkWTnN0tQQa/IES5ynOl6DRo96voUj8B+iRRF1Gth5zArxhf7WwyAXJQ:lDoql6uJIEKl066QN8Mr1XJQ

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.lnk	6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6c2c7687356c4bf88dd0ecf4fda55186_JaffaCakes118.exe"
1⤵
- Drops startup file
- Drops file in Windows directory
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3064-29-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/3064-28-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/3064-27-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/3064-21-0x0000000003140000-0x000000000316F000-memory.dmp

Filesize
188KB

Download
memory/3064-20-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/3064-19-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/3064-18-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download
memory/3064-17-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/3064-16-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/3064-15-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/3064-14-0x0000000000C60000-0x0000000000C62000-memory.dmp

Filesize
8KB

Download
memory/3064-13-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/3064-12-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/3064-11-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/3064-10-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/3064-9-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/3064-8-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

Filesize
4KB

Download
memory/3064-7-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/3064-6-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/3064-5-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3064-4-0x0000000000C10000-0x0000000000C11000-memory.dmp

Filesize
4KB

Download
memory/3064-3-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/3064-2-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/3064-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/3064-0-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3064-35-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download