cd2aede691a4fb0d57d598a741ca41949d5cde95bb8e0ca6506183ca0bb49f24

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
Size

520KB
MD5

b7eb2b5b1915c7324bcee3d4e6188f96
SHA1

bd2a7466d1528035582e72746570c7b924dfd1be
SHA256

cd2aede691a4fb0d57d598a741ca41949d5cde95bb8e0ca6506183ca0bb49f24
SHA512

e2a0c3790d3b4a4743cc9588969ad0910742c564a54f713328540c78a219e764ff1c9b8b0b1711fc4aa9fe1b7edc529e35e82cabaa7c3565d199e0069ca432f9
SSDEEP

3072:S6h/T4FL5vCZelJr6H/hqd87COVSUBcfSPD2YqUGM:SM/cakiqOnt2fqaYNG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3068	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
3068	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
4724	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
4724	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
1448	etlcompile.exe
1448	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe
5092	etlcompile.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4724	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4724	3068	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe	82
PID 3068 wrote to memory of 4724	3068	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe	82
PID 3068 wrote to memory of 4724	3068	b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe	82
PID 1448 wrote to memory of 5092	1448	etlcompile.exe	87
PID 1448 wrote to memory of 5092	1448	etlcompile.exe	87
PID 1448 wrote to memory of 5092	1448	etlcompile.exe	87

C:\Users\Admin\AppData\Local\Temp\b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\b7eb2b5b1915c7324bcee3d4e6188f96_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  PID:4724

C:\Windows\SysWOW64\etlcompile.exe
"C:\Windows\SysWOW64\etlcompile.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\etlcompile.exe
  "C:\Windows\SysWOW64\etlcompile.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-18-0x00000000006B0000-0x00000000006C7000-memory.dmp

Filesize
92KB

Download
memory/1448-19-0x0000000000690000-0x00000000006A7000-memory.dmp

Filesize
92KB

Download
memory/1448-20-0x0000000000E20000-0x0000000000E30000-memory.dmp

Filesize
64KB

Download
memory/1448-14-0x00000000006B0000-0x00000000006C7000-memory.dmp

Filesize
92KB

Download
memory/3068-0-0x0000000002FC0000-0x0000000002FD7000-memory.dmp

Filesize
92KB

Download
memory/3068-6-0x0000000002FE0000-0x0000000002FF0000-memory.dmp

Filesize
64KB

Download
memory/3068-5-0x0000000002FA0000-0x0000000002FB7000-memory.dmp

Filesize
92KB

Download
memory/3068-4-0x0000000002FC0000-0x0000000002FD7000-memory.dmp

Filesize
92KB

Download
memory/4724-7-0x0000000000710000-0x0000000000727000-memory.dmp

Filesize
92KB

Download
memory/4724-12-0x00000000006F0000-0x0000000000707000-memory.dmp

Filesize
92KB

Download
memory/4724-13-0x00000000006D0000-0x00000000006E0000-memory.dmp

Filesize
64KB

Download
memory/4724-11-0x0000000000710000-0x0000000000727000-memory.dmp

Filesize
92KB

Download
memory/4724-28-0x00000000000B0000-0x0000000000134000-memory.dmp

Filesize
528KB

Download
memory/4724-29-0x00000000006F0000-0x0000000000707000-memory.dmp

Filesize
92KB

Download
memory/5092-25-0x00000000012C0000-0x00000000012D7000-memory.dmp

Filesize
92KB

Download
memory/5092-21-0x00000000012C0000-0x00000000012D7000-memory.dmp

Filesize
92KB

Download
memory/5092-27-0x00000000012E0000-0x00000000012F0000-memory.dmp

Filesize
64KB

Download
memory/5092-26-0x00000000012A0000-0x00000000012B7000-memory.dmp

Filesize
92KB

Download
memory/5092-30-0x00000000012A0000-0x00000000012B7000-memory.dmp

Filesize
92KB

Download