a63b2a30267f9f805e0f2bc8a4e0d678255f954feac6abd1d20b4cf6b66eb129

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe
Size

1.6MB
MD5

b51bbbf66d072c5e5f1a317470d22047
SHA1

678f95e2a0ff266c59a14f17d1598b964be9411e
SHA256

a63b2a30267f9f805e0f2bc8a4e0d678255f954feac6abd1d20b4cf6b66eb129
SHA512

43044574adface453e7280dd18bf2e7e3d3f5a7f675ad0577f9967779b95fe60dafca8b167992481d2c9c3fea148a8f64c96135729c81cbb7940e08bf7b8f629
SSDEEP

49152:OZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S98e:OGIjR1Oh0TT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1952	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe
2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe
2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1344	2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe	30
PID 2460 wrote to memory of 1344	2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe	30
PID 2460 wrote to memory of 1344	2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe	30
PID 2460 wrote to memory of 1344	2460	b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe	30
PID 1344 wrote to memory of 1952	1344	cmd.exe	32
PID 1344 wrote to memory of 1952	1344	cmd.exe	32
PID 1344 wrote to memory of 1952	1344	cmd.exe	32
PID 1344 wrote to memory of 1952	1344	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b51bbbf66d072c5e5f1a317470d22047_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\3607.bat" "C:\Users\Admin\AppData\Local\Temp\7EF5FE481DE7477694D7EA6E3222A0DD\""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\SysWOW64\PING.EXE
    ping 1.1.1.1 -n 1 -w 1000
    3⤵
    - Runs ping.exe
    PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3607.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\7EF5FE481DE7477694D7EA6E3222A0DD\7EF5FE481DE7477694D7EA6E3222A0DD_LogFile.txt

Filesize
2KB

MD5
2df0fb1f1fdad926b22d4cdc0dc1e6c4

SHA1
b6b2fe78e172197df578f25fd88708f404c64950

SHA256
6484ca200664043530b8fbdd4f8c580c734f8228bf7ee1299ce66b694852eb28

SHA512
067f21be3a40507983ad4bf853afda079804376e49ca5cc11e7257e70a20521854209106bc706cd38bd5b541a49b544da02d721c9879c87c17cc9176f5722ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7EF5FE481DE7477694D7EA6E3222A0DD\7EF5FE481DE7477694D7EA6E3222A0DD_LogFile.txt

Filesize
10KB

MD5
b75de62bdeb009c5825599106dd174da

SHA1
a8ca231b1f67fe1a7bc41384951db5d19aa4cefd

SHA256
66b91c4ed3661575fb41edb17ffa74e83263bff2836e09913ee2607b81bfae67

SHA512
6c519f7e166b6c725635b2c1fe74a64299a00d282e5f1a8c190bb74a57418d199eefafac0a1d09b32bdf2011b1517e477640dcefd16784ecba6c673eb164254f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7EF5FE481DE7477694D7EA6E3222A0DD\7EF5FE~1.TXT

Filesize
104KB

MD5
50bebb7f22231737e462a040591b79e0

SHA1
5b488bb0a8170155fc7649d428d9de50cc47068c

SHA256
59693341254f5e2566dc87e7befbf682f6f240bcf93d8fd63b90ae5cdae246dd

SHA512
1a6c48d3c9301c9046320c5506a8de3ae6011bd0785598827b7ffc94d8ed58c90d74c3896b208931d2112e20861685412068979b8f1993e9f24fc8056423d693

Download Submit
memory/2460-61-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/2460-183-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download