f584b885ba0a3a0287fd610f22cd78474b935394916cc1767f12aa5b8ac8ac5a

Analysis

max time kernel
141s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe
Size

7.5MB
MD5

a53587ceacf7babf7663f72c0e0fd886
SHA1

bd9b9ccd49eee21fdab6b92a3a546f9e36921f38
SHA256

f584b885ba0a3a0287fd610f22cd78474b935394916cc1767f12aa5b8ac8ac5a
SHA512

9eda8e14084d65bac07026c98f75b5bc3a3fa3e4c9d87e77503d38ff6155add02ab2c61cce42fbe4f7dcbdcafbae6d9d4f5d12537a891b5692f4a4bd8d474136
SSDEEP

196608:23MCvWkqxhFxwBxMfA9xryN/OZ/g8+OvZLOpCHni:2355qxhsMfOcNmZI83Nhi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1012	a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1012	2952	a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe	82
PID 2952 wrote to memory of 1012	2952	a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe	82
PID 2952 wrote to memory of 1012	2952	a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\is-PVF8H.tmp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PVF8H.tmp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.tmp" /SL5="$C0066,7565999,53248,C:\Users\Admin\AppData\Local\Temp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-PVF8H.tmp\a53587ceacf7babf7663f72c0e0fd886_JaffaCakes118.tmp

Filesize
671KB

MD5
acec08a952e0b9a24afe1f95bb335e11

SHA1
edd75d5928d96c0eddae2fc88bc52787357acc46

SHA256
52976fc5d14c217b0b50f4c95e81cd82494430035d15bbcd586303f6b5f63b44

SHA512
93b3a2964857e0cb3ef4425a33279b16f7a914d1ce585406141f81680ce9a469f41c4199cfc3acaf0246a4d978dcbf22bfa68978217054c9b04b93b8280716a7

Download Submit
memory/1012-7-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1012-14-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2952-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2952-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2952-13-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download