4936f629d967a3f1c3d0e166c23cb89459baf296e27901aa4c63f045451e5871

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe
Size

1.6MB
MD5

a64393b07e9530c7a20e413ab537b720
SHA1

df4a19620ae53978c87674776f058f4b4bcf7a11
SHA256

4936f629d967a3f1c3d0e166c23cb89459baf296e27901aa4c63f045451e5871
SHA512

d3462d57d912d9d74ff97bf98ae6ff5dd857f794190779cda6fb0b99793831136847c3af834c8c85fb098ec65cc1fe081074eaec7fdbc76abaf9b41cf60b738e
SSDEEP

49152:sZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S98:sGIjR1Oh0To

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe
1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe
1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1544	1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe	31
PID 1728 wrote to memory of 1544	1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe	31
PID 1728 wrote to memory of 1544	1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe	31
PID 1728 wrote to memory of 1544	1728	a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a64393b07e9530c7a20e413ab537b720_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\10977.bat" "C:\Users\Admin\AppData\Local\Temp\9461848C58E3422FB8F97C08432BB925\""
  2⤵
  PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\10977.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\9461848C58E3422FB8F97C08432BB925\9461848C58E3422FB8F97C08432BB925_LogFile.txt

Filesize
670B

MD5
6adede149f3e56045dbac400b179a681

SHA1
0614bc7a7198b05d63e57538179163afd669fc09

SHA256
465e40ede590afdaf7a37c4260212a3a491ec817d86f62378c2759f833753797

SHA512
a00c0b4bd4415ca5e1462d2b1943ebfbcbb70f5817626cd222d58106e0c80ac0484b975ca7a0a0a4b55589d52d78a0d26b1b8f7d209bf2b43d5dcfb011e1e5f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\9461848C58E3422FB8F97C08432BB925\9461848C58E3422FB8F97C08432BB925_LogFile.txt

Filesize
2KB

MD5
793035afc3db8a98127c28b1161d9144

SHA1
3d704faa3af59392de7bc7187da52e01d61989f2

SHA256
53848e1c5815b91dc179c081665c0c6f391301ae30330f457d67de3cbabccb0b

SHA512
3f738a2d1f8167e0f298f252a6d0d404aa6536fff3f2599bd1c596e249604f975e42762b72cc6257a53d9a1bf32c15b8fcae5fb074ae8b4a3a9f0c168bea8680

Download Submit
C:\Users\Admin\AppData\Local\Temp\9461848C58E3422FB8F97C08432BB925\9461848C58E3422FB8F97C08432BB925_LogFile.txt

Filesize
5KB

MD5
2b4dd18c9e7f3ff4889a1717bbd96918

SHA1
645cd36b270aa6f3063283f2a7d035b1225dd295

SHA256
4b96b52caca28194308bae6f7dd27fb43a9784b62723198d338789555c795208

SHA512
54a9ea4adbcce6a20a8b1d1ebb1920c02cc5c635c43f36e6e614128909a4f21a3761780a19bc36749487d57569a47290fd3a044ed07529d113a7325997463383

Download Submit
C:\Users\Admin\AppData\Local\Temp\9461848C58E3422FB8F97C08432BB925\946184~1.TXT

Filesize
102KB

MD5
9e262d0811d4579b6779a8bd79286e4b

SHA1
143ebd2918d94b16bc799744c890b71649c0fa35

SHA256
44bd653e2ee01087be5f1367b23a5989c7ee08ad76703327a09478dfac2004f7

SHA512
1152bd856f1b3b2403c0f4c5833f3ad8db6d5e9fab7cafe4678942d15a15d8273de427ded14d2f44fa26134e347ba85c345fd76db171e7487e1590bfb100d174

Download Submit
memory/1728-61-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/1728-183-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download