2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad389201c02e4edbeff9b26be6b0ea58_JaffaCakes118.exe
Size

1.7MB
MD5

ad389201c02e4edbeff9b26be6b0ea58
SHA1

08b174b3890840b275aec4b6942772c61e07f4e4
SHA256

2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4
SHA512

b30a496bed466136c662f9b69b9504161203458d9fc5e5afbce6175a446402526705eb9c82637e6d4bcd264b26978704829786cb8ea5e6030fc6dedef611cd82
SSDEEP

49152:04PPcN/45z7p9PgYGG8BQBCqnNya/jK7:0UcO5F8eC+NT/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
10	iplogger.org

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3244	4896	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4896	ad389201c02e4edbeff9b26be6b0ea58_JaffaCakes118.exe
4896	ad389201c02e4edbeff9b26be6b0ea58_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ad389201c02e4edbeff9b26be6b0ea58_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad389201c02e4edbeff9b26be6b0ea58_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1300
  2⤵
  - Program crash
  PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4896 -ip 4896
1⤵
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads