174e5ed0f4d62078d217dc695a3cefada5a5c9f20f49dc72b8385a9fbf19f4bd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
Size

1.6MB
MD5

ad8996a547faf8c6fc181beb8f56f1d8
SHA1

8b97e2c6cd070654b586f283091964e1d8e18e93
SHA256

174e5ed0f4d62078d217dc695a3cefada5a5c9f20f49dc72b8385a9fbf19f4bd
SHA512

12c7c2215fcb53e3011b0c7a762d7c8ccc80dcdf3938fad00bb7e10eab00964a0399b7df6e10bfd66e90f9193871591e159f9477f1455dd7b369b98104c69270
SSDEEP

49152:/Zgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S92:/GIjR1Oh0TS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1836	1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe	30
PID 1556 wrote to memory of 1836	1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe	30
PID 1556 wrote to memory of 1836	1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe	30
PID 1556 wrote to memory of 1836	1556	ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad8996a547faf8c6fc181beb8f56f1d8_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\25794.bat" "C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\""
  2⤵
  PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\25794.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\88D7F7C5E952463CADEA89D4F72B00ED_LogFile.txt

Filesize
2KB

MD5
09233df9bea450c995e109aefbdc64b8

SHA1
15e479f9c90aea49e212768de3bd0ee1bb189005

SHA256
d410f9a675380829ee49d67dc86af7dc75927e174e3a34c7f847e91014581138

SHA512
7ca811f322fb89bbc82f0dcd2c731fb5d80fe66d888e73a59819e49c9820360b42bc765973f89ae61a594370680b2aa6b6e168c72602ca8058defc596ceb9001

Download Submit
C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\88D7F7C5E952463CADEA89D4F72B00ED_LogFile.txt

Filesize
10KB

MD5
d02a96a6e73f174a540627c6bc827376

SHA1
d777be3c436d009af240d8da98f4aa9f33723e78

SHA256
0c151ac3292bf887cae5d69b875bbf82c8f04f97e1e5d88a43e15ba5f944667d

SHA512
9b097211e59639e0bd08fd7f73c529e848203e629f60f7f73e1dadc600c15f80238e4ced4208d169c3ab2841c8ea65e35eb8625f00bc466a0833233d553c33d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\88D7F7C5E952463CADEA89D4F72B00ED\88D7F7~1.TXT

Filesize
106KB

MD5
1f293e0b1467dd75c367ec3a3dc76614

SHA1
575a595952929413a25d1a5b0520d9877c7837ac

SHA256
daa70f1e3648909f8822088a7b9d3903a78a792061f2be8d29c2b659f691ce9c

SHA512
2419f2e269ae31935d07af925e5e7d85a9ec117aa60ff288abf23f2617d2a5bd5e65a4cbd2d9b5d08fdc54cc583c4a0d870dc1c85a75bfd314e6e009d27e399a

Download Submit
memory/1556-63-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/1556-185-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download