aea377d46329bf15cb26702e69b2c892740a1e1f1bd6656a9cb15e04f85c5dd5

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe
Size

1.6MB
MD5

8b66691a3a6c87d11d4964c8fd32b90b
SHA1

49816c72fab22b7a4b6ca59247fea2a9f528689e
SHA256

aea377d46329bf15cb26702e69b2c892740a1e1f1bd6656a9cb15e04f85c5dd5
SHA512

6a4cede2217072daaf1a0a0a5945346c2fa5ccf576da7d3879f1263995e1e8a39d5cac7fc54fcf3fecef93a507f8715648158afc86dafdc4e7da8bd4db3abba6
SSDEEP

49152:HZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9R:HGIjR1Oh0Td

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3024	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe
2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe
2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1832	2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe	30
PID 2032 wrote to memory of 1832	2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe	30
PID 2032 wrote to memory of 1832	2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe	30
PID 2032 wrote to memory of 1832	2032	8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe	30
PID 1832 wrote to memory of 3024	1832	cmd.exe	32
PID 1832 wrote to memory of 3024	1832	cmd.exe	32
PID 1832 wrote to memory of 3024	1832	cmd.exe	32
PID 1832 wrote to memory of 3024	1832	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8b66691a3a6c87d11d4964c8fd32b90b_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\11626.bat" "C:\Users\Admin\AppData\Local\Temp\D163B4BC9E49409F841C17D43C9AF9EC\""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\11626.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\D163B4BC9E49409F841C17D43C9AF9EC\D163B4BC9E49409F841C17D43C9AF9EC_LogFile.txt

Filesize
2KB

MD5
05073b68b61997ab5e4ab056055b8323

SHA1
4bb897d1cb81631904c8d0c196c3735db13933cb

SHA256
ec5eccd2c8d3f6bfe3cb0717964563b733b09141fa85be66960ba0d57423aff7

SHA512
cf7d601b99a53c326793ae01b9295e67e2d001f43a32cf819bcb7178ae392fc680c28944f8434a447b52e4fb39f01990eb2fa6e7bfa0e22459d39df0f6acaef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\D163B4BC9E49409F841C17D43C9AF9EC\D163B4BC9E49409F841C17D43C9AF9EC_LogFile.txt

Filesize
9KB

MD5
5366c03b42f3a5ddb268525b8d5eccc8

SHA1
9fe03f22d17977a606d5f7030475f337c6c02f9e

SHA256
0d4e938c51bf8437b61dc5752838b5171bbc8cfa92aa6740f3c3d45ad80d7802

SHA512
93c5f3938c50a50e94406c481f9c2ec9fe3a13225f7ad4fb657b23468e21ec76eaf555fd4b8ae613aa48e4591be3cc8a22635c1640b9e1defef8d0e95c9b782d

Download Submit
C:\Users\Admin\AppData\Local\Temp\D163B4BC9E49409F841C17D43C9AF9EC\D163B4BC9E49409F841C17D43C9AF9EC_LogFile.txt

Filesize
670B

MD5
6bb94fa36725316e4e165f81308ff323

SHA1
2e10811a97d1ed4f7945e13b89142830805b52da

SHA256
9d8a5529701a318f68e3cac12c9692a890fe65c8580d7eae32f804962192a2a8

SHA512
2a58859b9c0b90e509fa349bb275951c226c9cf53cc21eeb60f49484d52fb4ffd86cd2c586fcd54fdee885b4e5ce748854c4adb46e6d3d401444cf8670072632

Download Submit
C:\Users\Admin\AppData\Local\Temp\D163B4BC9E49409F841C17D43C9AF9EC\D163B4~1.TXT

Filesize
101KB

MD5
f239f666c474ddfe326eb9a5da65b1dc

SHA1
45902771ba56ddb7435b759a76fc16c1c0ea05c7

SHA256
232516659ef6070f8d2f3a9ff5fecdf1e9106d086829464d63f1b2522b4d4712

SHA512
bef0c39c59b414d2f849b4bed9eeabe46d13cb495ba2e3646514fdd3b597eadfe26084544359d25460a62d17637e4a283872edbe6fcbfb9849f9befaaf88b89d

Download Submit
memory/2032-61-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2032-176-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download