470153e2955821a4063f2645f5eea53551c28d2980cb2f34b236e4b14c0cd289

Analysis

max time kernel
137s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f0f35c50f67a8a383dfca21d12780a2_JaffaCakes118.exe
Size

564KB
MD5

7f0f35c50f67a8a383dfca21d12780a2
SHA1

5b8d4cbd1393b3bf156ed731102bb7f737dc632c
SHA256

470153e2955821a4063f2645f5eea53551c28d2980cb2f34b236e4b14c0cd289
SHA512

0f5d584e43e33de05a62aab7ee6c72dbb0eee1d82fb342fa569bf32d7aeb0c761c462835939d826e1b3dcb3ebe725be6480276a964d7aec5f49cb0b00521743b
SSDEEP

6144:eIwsII3emtkVXCMbMgotROuV8U7gXCMb:dxveCMAlCU7GCM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 396	4456	7f0f35c50f67a8a383dfca21d12780a2_JaffaCakes118.exe	92
PID 4456 wrote to memory of 396	4456	7f0f35c50f67a8a383dfca21d12780a2_JaffaCakes118.exe	92
PID 396 wrote to memory of 428	396	csc.exe	94
PID 396 wrote to memory of 428	396	csc.exe	94

C:\Users\Admin\AppData\Local\Temp\7f0f35c50f67a8a383dfca21d12780a2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7f0f35c50f67a8a383dfca21d12780a2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tcgymhmz.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES65FE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC65EE.tmp"
    3⤵
    PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES65FE.tmp

Filesize
1KB

MD5
38bb1b9d9bdf63c8f6679da09ef357ef

SHA1
e68318c7e345f3de72f7b6f36e9554284fef4ca4

SHA256
6601efb53f1169946576f9d8f3c45230f69a6a22bb5686bb103fbeecb2137c6f

SHA512
37d3e42537f90ba362ee597b4c475217d59b0743526f33a971a2b67f67aa67602b100e4904cb1df59732184fcbfddccb48166beb861a0f51a511f023d7aafe31

Download Submit
C:\Users\Admin\AppData\Local\Temp\tcgymhmz.dll

Filesize
220KB

MD5
ec14e482af21c8ce8afb383be9718d21

SHA1
6ce3d136ce0a634f2def6671f6f6f9deec1b2599

SHA256
c68e166ac1ed69505f82927755e5bd57ff3f8d498a146f715b48ecf59428f36b

SHA512
aae0eccf5892144bc5d9a2b78f57e8d014bcbac4f824c47c81d828aedba85b3e6c8c420936acf157998ea6fc8ad2ac1c07f0ac241ed41c8e3c5c1a5fdd103491

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC65EE.tmp

Filesize
652B

MD5
1f1dc9aae0e93698c5ae37a4cd44cd6d

SHA1
eea432bf08bf8b9d12f4d36c4c163896da7ad65f

SHA256
a51b7cc4f0d79e4aad5e504fb0cf15ffc6da53a15039947971dc061bea19a3a4

SHA512
058888ae94382fe77503c4635331882bf8ef9bc7900616cacd51c7fd0a42d952ac7868f8cfd41c4e0690bb535f8ed8e902df189045ea353f96f0a7eb3246c9eb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tcgymhmz.0.cs

Filesize
484KB

MD5
f810f2d788309d1a6e7808653dfb9bda

SHA1
3a3f99c446686ecfeb56ceeeab1b736ca2450f9b

SHA256
b79cf5e7a68bf23d0d7cf4856e08e4bea2ba481dac9694aacf9a7c45449dc457

SHA512
740ed8dadb01cf418f37004abf9404f3f76998ea114b51c492cefb84a827a09ba1e0a1e6d25d7deca689cd71e3d6855367d1e7511d42d3395f61b190975ef07d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tcgymhmz.cmdline

Filesize
707B

MD5
2b566889e4748eb27a233d9937ba3d07

SHA1
bd0577e1532bebae8ea80901050b2a11bb63429d

SHA256
7df56f9967c33b93ce7d66815c566988bb080d43301497234d402ade09764697

SHA512
809319a7b9a13374a26d00a34a9c307ff06267a6d057e4e6e96b8116f38445f5bba4b47b57de0eb21b74286c5487863285f1a8e25f4e5fdf3fd68b9c0ab2dfed

Download Submit
memory/396-23-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/396-18-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-5-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-4-0x000000001C7F0000-0x000000001CAFE000-memory.dmp

Filesize
3.1MB

Download
memory/4456-9-0x0000000028350000-0x0000000028420000-memory.dmp

Filesize
832KB

Download
memory/4456-10-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-7-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-6-0x0000000001630000-0x0000000001638000-memory.dmp

Filesize
32KB

Download
memory/4456-0-0x00007FF8421D5000-0x00007FF8421D6000-memory.dmp

Filesize
4KB

Download
memory/4456-8-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-3-0x000000001C750000-0x000000001C7EC000-memory.dmp

Filesize
624KB

Download
memory/4456-1-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-2-0x000000001C1E0000-0x000000001C6AE000-memory.dmp

Filesize
4.8MB

Download
memory/4456-25-0x000000001DB30000-0x000000001DB6A000-memory.dmp

Filesize
232KB

Download
memory/4456-27-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download
memory/4456-28-0x00007FF8421D5000-0x00007FF8421D6000-memory.dmp

Filesize
4KB

Download
memory/4456-30-0x00007FF841F20000-0x00007FF8428C1000-memory.dmp

Filesize
9.6MB

Download