66da20fd479c695ae37d22613dac896c17b952439be1ddd2a0c866f907f1dbed

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 00:40

Target

7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe
Size

1.6MB
MD5

7ef5f337cd23ef3ccedded9dee063a1d
SHA1

55e208f062d9c2281836820a5159d8e1c0235fb4
SHA256

66da20fd479c695ae37d22613dac896c17b952439be1ddd2a0c866f907f1dbed
SHA512

c3d49f459f9f5e79713db234ba8b04c93a9d44d714277d7aaf2405b04239f7d0e01c39c44c67680e2827f1363246207ec895e6e22af1c4fb8d10877134962c7a
SSDEEP

49152:eZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9l:eGIjR1Oh0TR

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

pid	Process
1976	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe
2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe
2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1652	2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe	30
PID 2204 wrote to memory of 1652	2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe	30
PID 2204 wrote to memory of 1652	2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe	30
PID 2204 wrote to memory of 1652	2204	7ef5f337cd23ef3ccedded9dee063a1d_JaffaCakes118.exe	30
PID 1652 wrote to memory of 1976	1652	cmd.exe	32
PID 1652 wrote to memory of 1976	1652	cmd.exe	32
PID 1652 wrote to memory of 1976	1652	cmd.exe	32
PID 1652 wrote to memory of 1976	1652	cmd.exe	32

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\1000.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\88020D5E24074D4C90EF482A1E1C7149\88020D5E24074D4C90EF482A1E1C7149_LogFile.txt

Filesize
9KB

MD5
f6de73c93d3e49c6304d992a13b50489

SHA1
1b43f3d3ccb817d3d15d313048113c2510af4237

SHA256
1d537d29bf5a383644201b94a87454df374acdf830d3a3d513f7d8b2fdbe2397

SHA512
e1d31f9fa16a949b3153d2a5a7db85c9c2f690575338744fc3544708b9e03eaf1e118d128ac8e5b31809d625bdc0a829813e4fcdb3ceeb55b5850b627931bd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\88020D5E24074D4C90EF482A1E1C7149\88020D~1.TXT

Filesize
103KB

MD5
6111c49802561730d3bdf1bc016e2670

SHA1
510d5608a19b12899c9af0d53f80ecebd15caf52

SHA256
6ca39b01d2477f9d66e7ba72dc039713fa97be7f612a3eb58f9c4bfac14bc451

SHA512
36f0dc6e7efc03edf23750014d1a2c9dea0be5b5d130b69a3333ac5bed8618459f6100b2dfe145c22d5a9d38190fc8f887fa89e01d1e9da9613873c081ae79be

Download Submit
memory/2204-63-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2204-181-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download