0d1a6735e5f1522903ff8e5c48fbad41b556cdfa796b836a03071fa15a9c57ff

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe
Size

21.8MB
MD5

8df1aa737b8c6c4ea21a6578057af930
SHA1

4f09fbe15329843b0000009255c82d2eb7124157
SHA256

0d1a6735e5f1522903ff8e5c48fbad41b556cdfa796b836a03071fa15a9c57ff
SHA512

dcda3fa4002719b09d328e2c68718adbbb2267e815ea2a6b864f4161f51a8f229ef108bf56a52c4f8e078c7bccaf27c18089b83a86805b816de568a40f37b1a4
SSDEEP

393216:FAjMwMg1BIXOuljaia3hs5nnIzPqPvdPUkGVyXOWUSOCRhNjjgMO3tKu:ijMwV1xEeia3u5IzPqhNGUXOWdRhNnNQ

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2600	TeamViewer_.exe

Loads dropped DLL 15 IoCs

pid	Process
1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe
1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe
2600	TeamViewer_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2600	TeamViewer_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28
PID 1932 wrote to memory of 2600	1932	8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8df1aa737b8c6c4ea21a6578057af930_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
  "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

Filesize
76B

MD5
00d0b831bcd4f7db87768f618270fb02

SHA1
e5f69a70661644ee27a6fa0d215f8a5263282417

SHA256
b8d53ae825fa56dd7b8cdea0484a4d98ea8ca15f88a511c74833288081c1c2db

SHA512
fe5ac6973fffd32fc17ab4afdb375ed8e5fc2bddba7dc47dde4b58361afbd333faaaf018d03c4c7fe7ecf3c1f74cb452c30d18b2a6c0012c3ec95f3c54116a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd2C6E.tmp\TvGetVersion.dll

Filesize
193KB

MD5
d2ac4ca57f4b624c444c17e8a353deaa

SHA1
d713b2b4ff0cec01b5c89bd26127012eed460a32

SHA256
a4db659c6265ba7efbbd4906257ef6cdb8f9b1fefba78f01425390729ab3d1f2

SHA512
db991671548d9f239acf7b77b47ccbf438c626e803026a68d7c67ec5b3923195c8745f6adbe730fe4c049237217849f8f9f47fc335cf94b1413a7debc9b8d9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2E05.tmp\advanced_unicode.ini

Filesize
1KB

MD5
f68824a4130ebaf6bc7ab0f62256d7d7

SHA1
40af19a0d92b3c9e1a8b1eaab7d12c69e5df436a

SHA256
cd8149a2e89373075ee6db800b7f2496bacbfe21b23e4a06a3453632503b3965

SHA512
6a173aaa183be0e5a516cad484802dae1fc53a414f870f93ea846a9ef9f9df35153766ef632eb5e8ced8f94c2ed09a9decdf3465d46b0dcc44a6918d88e242cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2E05.tmp\start_unicode.ini

Filesize
2KB

MD5
54e585a4f7b14f8048658040d873cfba

SHA1
76f281b9e67c8d2da27d91db7813dca10d6c9347

SHA256
4f6186ee23381e783a5b5b9445bba689f56696e8e5eae7286e8af77f0a098be0

SHA512
830f4d977b5e5fb582b2c592900a0986ed9c802c9fa1b5d7c74ca6922a73cca7c14dc74d0fcc851084b8385849b4457375a262dd3c50edcaf72ff7065fa637a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2E05.tmp\start_unicode.ini

Filesize
2KB

MD5
2a8a139cdab38b5f4264ae82850cbd22

SHA1
816e8acb2adc36c7f138f963a9802622dfc9536a

SHA256
94bde605292510f8ae6df19083130770ae8c754906007ea93150cab63962190b

SHA512
d6f99e88e72cfb28afc4af0780d2ac380f00f9fe9265cbbb4b8e6390e9b6ee5870a723e1971288783fd919158659ff214bab383242fa22470d9f6f1a170e2cf1

Download Submit
\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
21.1MB

MD5
67a3aba3d9d1b3c06f7d29f88462f905

SHA1
9cad747d67a8f87086207f443a7f1083ae922ea4

SHA256
41e3451fa7dcec308581ed259849523a9f8cc5d022290c14a70f632ec55208ba

SHA512
b29c1be4025aced75b6dda309b69370403ec6a16f0bd0368bd9011cc86c23db01e438fa3c7dcbe3b877478f0527c11e0b553a5cf2a4158be9ff8687110ec99bf

Download Submit
\Users\Admin\AppData\Local\Temp\nst2E05.tmp\InstallOptions.dll

Filesize
15KB

MD5
033ee34c40e8fa85bf2739bcb2f3e186

SHA1
2ca942f35f77f37df3fc6097acac34f2e77341b7

SHA256
c91c1796338a265b49039c0b2c7a312d764b99e5174fb2dae455ca54f8f41ec7

SHA512
2204e0b8721b8d85c51bd068b1695b16ee096bfc1d1cd5843f48fd04032aeee2b6a91ce82978a4b3414f3d966ec5b36fb337a4149dae3a1d0445935d964d247f

Download Submit
\Users\Admin\AppData\Local\Temp\nst2E05.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit
\Users\Admin\AppData\Local\Temp\nst2E05.tmp\TvGetVersion.dll

Filesize
210KB

MD5
05f51bc8ffb2c8f5a2825bf5680301cf

SHA1
30f7f77dce1fb3526142780e9f5bd5c11622d6b6

SHA256
c67cbd5e35e1ce0c7ba17c55d8e2bc33afd5e0a68774554a1fe7216d330c709e

SHA512
1e041aaa37dd00414ad955ebc8c0f708589014d2085a5a0b95a31f4d694bb1cc4994bb1324d4b983cbad0449fb0a05560d82c60fdbfc78be67ff61275e451233

Download Submit
\Users\Admin\AppData\Local\Temp\nst2E05.tmp\UserInfo.dll

Filesize
4KB

MD5
9b0db6a6056e8e51ac35e602aeab769f

SHA1
b541c6d2635141cdc3a74f59d55db8df4a92e7ac

SHA256
925d80c31702a95d58ede91ee97fd842de78ca6dde69156a6c1a755fba93cd5c

SHA512
83fe9d346835940a37e0e0a18d041c9d13fc95a0e9ece3bc18e555cf0e8e7ddf7b42dba422b1e55ace31db3c9fc807e0b44e93b8f07f5acb943eaaf77b4f0ac6

Download Submit
\Users\Admin\AppData\Local\Temp\nst2E05.tmp\linker.dll

Filesize
45KB

MD5
4ac3f0ab2e423515ed9c575333342054

SHA1
a3e4f2b2135157f964d471564044b023a64f2532

SHA256
f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

SHA512
8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

Download Submit
memory/2600-260-0x00000000005C0000-0x00000000005CE000-memory.dmp

Filesize
56KB

Download