d963cbe8453410223be432b0c881db5895619e55aeb3af5407dd793da76fc1e2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

037ce112a56292929d5114187d0f1878_JaffaCakes118.exe
Size

79KB
MD5

037ce112a56292929d5114187d0f1878
SHA1

ac3c68ee4aa4a968272222b10e8f2cb8a5df2654
SHA256

d963cbe8453410223be432b0c881db5895619e55aeb3af5407dd793da76fc1e2
SHA512

5a4764cfa31e93828ecf5160b6ebe00d6d254b9ef230d4aededf6d1c457e805ebc37e42543cea9cfdb6b5e3c0f402d0933fc273ded5a52b441b0936dd1f41a2f
SSDEEP

1536:am69tHN0YCeFxJeK30BEGyUUx++TYSmAgCeTR8yEAwot1dh8T:e95NHJeK30Izx+wYtpfT6yESt1dOT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2824	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2824	2952	037ce112a56292929d5114187d0f1878_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2824	2952	037ce112a56292929d5114187d0f1878_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2824	2952	037ce112a56292929d5114187d0f1878_JaffaCakes118.exe	28
PID 2952 wrote to memory of 2824	2952	037ce112a56292929d5114187d0f1878_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\037ce112a56292929d5114187d0f1878_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\037ce112a56292929d5114187d0f1878_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Jff..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Jff..bat

Filesize
238B

MD5
e85c540df622f9e5d98a911073952ee2

SHA1
7d184a92b1e461c6168c97d94efcecdf2de4b3dd

SHA256
df5637ec552dd17b964a9e11639133f7dd973f2883309b81086847b0d08a1aa1

SHA512
00085021d6783b030157b0ce2786457829a5e82e293e587b516dbf27dc91631dc4a973c105a0dd54109abf5cc13dbcc83b2ed408de997d637a38c8d9d79f319f

Download Submit
memory/2952-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2952-1-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2952-2-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2952-3-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2952-5-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download