fb3539bc8e33c61168d0e8db8255cd4948f5b5ab7246b63dd3ce19e1d98d5750

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe
Size

1.6MB
MD5

a9e40216a6438b8242269fff9e6689a0
SHA1

7db3202a09abb5ce4b3bf016b0f2653ebde5b405
SHA256

fb3539bc8e33c61168d0e8db8255cd4948f5b5ab7246b63dd3ce19e1d98d5750
SHA512

a2df2ed4de98065c03dc38efc0c24797a0695688c8fc1a5dcc952030a4be5b7605c868d5ed9868b0f8326f6ce75e4d14894ad4aec6088ef4b593de7edc35e6c1
SSDEEP

49152:OZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S9M:OGIjR1Oh0Tg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe
2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe
2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 464	2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe	30
PID 2184 wrote to memory of 464	2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe	30
PID 2184 wrote to memory of 464	2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe	30
PID 2184 wrote to memory of 464	2184	a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a9e40216a6438b8242269fff9e6689a0_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\15303.bat" "C:\Users\Admin\AppData\Local\Temp\7392034247A4485E81C3C94359C6043D\""
  2⤵
  PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15303.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\7392034247A4485E81C3C94359C6043D\7392034247A4485E81C3C94359C6043D_LogFile.txt

Filesize
2KB

MD5
3ea3a89f2ed3680b589789ce7391044a

SHA1
c68e1d2f1bfd29217f57f3a1adc68fd77b832351

SHA256
4516ad08b7eb3c0c6e4098f50487b6178593274468696e243316c53a457530a5

SHA512
03af10906b363293da38688e9ae3056d76e72b5952e93c9d09dfa3de5a2b984fb6c86c3806acdf1ef1a437c16156e8b5467f6852d5373e2e578ce2aeec34a4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7392034247A4485E81C3C94359C6043D\7392034247A4485E81C3C94359C6043D_LogFile.txt

Filesize
5KB

MD5
99387e7001e3281dfb108a3d328fad3c

SHA1
6adb40e7dd5a9e50684862fcfaebd801164fcea5

SHA256
380127ac345e8502a7adbf52598da7150f242808942204f7018789e0edc8050c

SHA512
513a749ae8c1462c4ebc6b468356689fe20f8bb7377b00841fb728c59fa13f92ea3389a8d6fac0db6d850d4768c4e004af4193df8186b28f1017debd03f18891

Download Submit
C:\Users\Admin\AppData\Local\Temp\7392034247A4485E81C3C94359C6043D\739203~1.TXT

Filesize
109KB

MD5
c73c17d3d1312e9f647a18e40979dc0b

SHA1
c67fcbf496656d1a80361bfece5fb550fe8283e4

SHA256
7bd06316ed8951cd8c3f767cfe3a79db0d6879dfda428ceced449657a89c8506

SHA512
4ae1164ee0c8e8d0a7f4be7e032b32b98fc4069d5a31e969e89cbc38590b8e9bbad788ec1a8f50b144fd9a05f6222ee6d3b4e6ac727bad1551e622641466d111

Download Submit
memory/2184-63-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/2184-158-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download