Overview

overview

7

Static

static

1

9c1b8d20a2...18.vbs

windows7-x64

3

9c1b8d20a2...18.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/06/2024, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c1b8d20a27c91d5a570b401280b1f88_JaffaCakes118.vbs

  • Size

    6KB

  • MD5

    9c1b8d20a27c91d5a570b401280b1f88

  • SHA1

    f3c434f4f503585a99310073d208cb071b001e9d

  • SHA256

    25d5a53f6550d9888fbf357520790a8e7e6d3b167c5436b50c83a3b4f744cfd8

  • SHA512

    98c030e39f9988bc436d35c10243a456089d3cf09157fef720af1fc9b3c9313c8a0397c4207a6f23386db2898a224861d01022de1fd12668db54c1222019936e

  • SSDEEP

    192:f8NFPJUUEeUIsDaoPlIdAlNE9AsC8XI81DiFwKy:f8LJUUEeU9DaqoAlNE9TC8XI81DrKy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\9c1b8d20a27c91d5a570b401280b1f88_JaffaCakes118.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Users\Admin\AppData\Local\Temp\9c1b8d20a27c91d5a570b401280b1f88_JaffaCakes118.vbs" uac
      2⤵
        PID:2656

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\aveia.xml
      Filesize

      31B

      MD5

      2dcce00772d31f92cf73754f3ad80ce1

      SHA1

      5a429132b71a3cc7d1206cea61a7ad32127d413d

      SHA256

      030feda0a2247ed0badc9f8dac21d88c108576f00f8b31eb4ec48348b17cac3e

      SHA512

      1c22e4358ee6daba5c724ed99e9a6d7173ba863091d64757120d67ab5431ca9a4298a5aa074ccfaf4f6ba4880d1ade3c2213ce37a603bcd7317c770dd607cac9

      Download Submit

    • C:\Users\Admin\AppData\Roaming\nomeprocesso.txt
      Filesize

      7B

      MD5

      ac41abce4559bc292a8af98f6d3068e8

      SHA1

      217a362a2ec8a27e4bb1c38e03f1d3384f0a45fe

      SHA256

      66ebf2427ff999ed4468ef6c71a64110e4b73ddea646123b72cdfea4c7f217a9

      SHA512

      cde0952d5db0c1f5707175ca060154cd7ce5ab62be9f9c336c1828d5d29a65822e072469bf698b5d12d9b4d4b60a7471a0295564a987863d36a116370f58d915

      Download Submit

    • C:\Users\Admin\AppData\Roaming\pathappdata.txt
      Filesize

      30B

      MD5

      5ac397373adfe6abb5e69b9832edb936

      SHA1

      4e34052626bce05c257561bdd649ae4d43b1a3f2

      SHA256

      4922d57aa75872235bb122c2a2a32ce53589f83afed2aeaab9101f115c72ebde

      SHA512

      543069c355b9114212582dbad278b6e43fe32c21f69eb965e68c25f65036851d1c76f9cae5c254a2a7fe415482ed024c3709e33b6164c95835063b0f7dfbb38b

      Download Submit