Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
16/06/2024, 11:05
General
-
Target
b32dc5beec05eae4dec426c3e78a6c4b_JaffaCakes118.exe
-
Size
100KB
-
MD5
b32dc5beec05eae4dec426c3e78a6c4b
-
SHA1
908ee350e7eccc7252c21add8b157ea6e9f2cf47
-
SHA256
642e2a85e6e52292e02d56f94d2a0891b16d901af0fccfd1c66053bcde66c3e7
-
SHA512
b28c34180e4a5e83c340fecdcb564ed1c6a06c36b3ddc3bc0cc238d51987b712388b83175f3658dc462cbbb6cdefc569d42f3446e1fef0425d76d0f251150937
-
SSDEEP
1536:TP7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfjwzsjM52G:TjFfHgTWmCRkGbKGLeNTBfjcsjY
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b32dc5beec05eae4dec426c3e78a6c4b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b32dc5beec05eae4dec426c3e78a6c4b_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5B1B.tmp\5B1C.tmp\5B1D.bat C:\Users\Admin\AppData\Local\Temp\b32dc5beec05eae4dec426c3e78a6c4b_JaffaCakes118.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg query "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion4⤵
-
-
-
C:\Windows\system32\chcp.comchcp 12523⤵
-
-
C:\Windows\system32\chcp.comchcp 8503⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind /i "Windows 95"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind /i "Windows 98"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind /i "Windows Millennium"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 5"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "XP"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "2000"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "NT"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 6.0"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 6.1"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 6.2"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 6.3"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" VER "3⤵
-
-
C:\Windows\system32\find.exefind "Microsoft Windows [Version 10.0"3⤵
-
-
C:\Windows\system32\reg.exereg Query "HKLM\Hardware\Description\System\CentralProcessor\0"3⤵
- Checks processor information in registry
-
-
C:\Windows\system32\find.exefind /i "x86"3⤵
-
-
C:\Windows\system32\PING.EXEping -n 15 localhost3⤵
- Runs ping.exe
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD5a39d145eacdc4fcf56f43b1e636ebedb
SHA14c19d3d684e0196ec3e4238e7898822f9010b8f1
SHA25649982e24bb1d13c5c862f375c97f05848728cb4e539d63f5114156aca26de00f
SHA512ca5f14e701365772f044ee740e0d1b4f95302aa9b97b3736c0b172ee13f0c118552ae8f258f9af2e12bc31cad8e38e4dd9f4e8de59ec39a371d83ee606a4c299