dcc992c13a8e67dea884a6b9742c8911054e82d6a08d83de22c4f5b031284006

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe
Size

1.6MB
MD5

876922bcc7e446a507b8ade7a93c2adb
SHA1

7422f4998c5d1bb096e6b229d0a1b79e3cdc8028
SHA256

dcc992c13a8e67dea884a6b9742c8911054e82d6a08d83de22c4f5b031284006
SHA512

714ea12833969715f40161e4e2566a65dad31d7d2ec05eba6f04b1f526245c6e53c655148c4c754ae52555768f0afac0d408209fe21e6bd9f627219bd605db32
SSDEEP

49152:4Zgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9l:4GIjR1Oh0TR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe
3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe
3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1928	3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 1928	3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 1928	3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe	30
PID 3064 wrote to memory of 1928	3064	876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\876922bcc7e446a507b8ade7a93c2adb_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\4945.bat" "C:\Users\Admin\AppData\Local\Temp\2EE10E34AA144DD3BF36F941F99BB04F\""
  2⤵
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2EE10E34AA144DD3BF36F941F99BB04F\2EE10E34AA144DD3BF36F941F99BB04F_LogFile.txt

Filesize
5KB

MD5
818e6500c7ca8e33c165a3a679594e82

SHA1
92bcf92cbc0cbc0417fbf04ee25f3a642c867852

SHA256
e33cc858e937b2d3a0f0ccab91ae8a1d5c2f6565ca903a47d66e71a9f48707c0

SHA512
7613584b0a83785ecd6be6462751a64bb6721e02cc8dac1ff85e9d28e0b5741bc45697e9981b3f8cab0c8a5f325c9c3686b1eacb2f0ed5f7d7ae63482bb8c6c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2EE10E34AA144DD3BF36F941F99BB04F\2EE10E34AA144DD3BF36F941F99BB04F_LogFile.txt

Filesize
2KB

MD5
26061e73bf4ae8c9ff4abd5c7aab9a31

SHA1
142c27f6cf1a14a39ddfd78234edc1ff0dfbcb25

SHA256
505fc9e3fa9f1ecd0c5caf6b92aa2462fc119c8eb3057a2421aa514a3a47ab64

SHA512
4a762f6671c6b64f57dbf45b673b82ddc08c4b5a18487937ebfd83a96a07160bb446181a26e8070979d2b0e60213683de8178b4c36effcb44066082c2db82d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\2EE10E34AA144DD3BF36F941F99BB04F\2EE10E~1.TXT

Filesize
102KB

MD5
8cd5cc49924a6b955d148c8841d3a3e6

SHA1
aa800ea428bb2c210e352bbef7c12b592d17120f

SHA256
c7531ca74069e71a4adf141774ab8d22a70dd977f0ef443e33fd392dfb6b8a72

SHA512
a58c39ead909d4ca4f671613ae62d443a9319f73ea669fc7828cec0a9f66379e5dff696958f2bb57e794df73acd3e2bae684781f48865bfb8dac5a052776b08d

Download Submit
C:\Users\Admin\AppData\Local\Temp\4945.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
memory/3064-61-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/3064-180-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download