319f6ba764101bb7633976fe20fff7fae9b9461ba7a0d66d685f23eff405fe03

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
Size

1.6MB
MD5

7113bca974e34270da5aa6834a3db55d
SHA1

2dc327ae359e9d227fd63dac5eee147761757a51
SHA256

319f6ba764101bb7633976fe20fff7fae9b9461ba7a0d66d685f23eff405fe03
SHA512

6d3c4ac8f291cada7ba3c6fd09de531bd26ada7bc969e89a85c7a64c523184a27b04613cb17a19f3a30ebeba4b650c372d4c7419b7e114739b51a52875959961
SSDEEP

49152:TZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S97:TGIjR1Oh0TP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2192	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 940	108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	30
PID 108 wrote to memory of 940	108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	30
PID 108 wrote to memory of 940	108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	30
PID 108 wrote to memory of 940	108	7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe	30
PID 940 wrote to memory of 2192	940	cmd.exe	32
PID 940 wrote to memory of 2192	940	cmd.exe	32
PID 940 wrote to memory of 2192	940	cmd.exe	32
PID 940 wrote to memory of 2192	940	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7113bca974e34270da5aa6834a3db55d_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:108
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\17421.bat" "C:\Users\Admin\AppData\Local\Temp\2A15B9D12E2A4BF2A7CB89945BF4B50B\""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\17421.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\2A15B9D12E2A4BF2A7CB89945BF4B50B\2A15B9D12E2A4BF2A7CB89945BF4B50B_LogFile.txt

Filesize
2KB

MD5
13effe0273b7cd2da6bad4e09ec191b7

SHA1
b101660f21a4a68558a5c82351e44900c030bc92

SHA256
10141bed4d618df7f4a239559f118d435d9caaa6a8256f183f9cc4dc4154f316

SHA512
70c6adbb97c21eef94e7ab1de2db9c172be074d3b6ffc6625e9c5d9c8d62f0473b1fd000eba40085c793fd42762bb42827625137b6d4a8d28bb007880ecf2ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2A15B9D12E2A4BF2A7CB89945BF4B50B\2A15B9D12E2A4BF2A7CB89945BF4B50B_LogFile.txt

Filesize
10KB

MD5
40b7b0f628162596452e522563b4e462

SHA1
d97549ec6aead02cd7bf0999dc1727e91a0c85aa

SHA256
4993932e2ed5921bbc7933c7233462a4cd4b4871eb1c601b908a8446402ecfdd

SHA512
31b0f8e7931eb6612c9200af2b229d33fbd122eaa61ebc9bfc692ee8eddd01f61846f78b512143b55de35dd81bfb2381ebfd8ee7597bc0ccf0bbadd1666b6844

Download Submit
C:\Users\Admin\AppData\Local\Temp\2A15B9D12E2A4BF2A7CB89945BF4B50B\2A15B9~1.TXT

Filesize
103KB

MD5
90d53078abd98ebc5e7ab57e92e12132

SHA1
b72e2610561463dc7bb9b1f6fadd256fcc1008c4

SHA256
7e9d072e815cbd7345347c025a5a93422c6dd25678bbfaea1f1a4e1639d4f260

SHA512
0d5495b55d98bd046c5fd593768650e6a5b2e899a7cdc714da55f8a481c3d689421f308a65d4f5a4c0721a0d2a3a3a05c026ff7301c28359f88b2e0248215146

Download Submit
memory/108-63-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/108-180-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download