f462794ba19af6d7b1873e9ca549e782ff2b741b2b771561e5aa253fffad7b50

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe
Size

174KB
MD5

03bfe43767e0ef0f4c25be7e1c194e99
SHA1

03cb2a71178a8c49b492cc302880c67a2ac741c0
SHA256

f462794ba19af6d7b1873e9ca549e782ff2b741b2b771561e5aa253fffad7b50
SHA512

5dee46b555cd9eae77448a7ed3c04454a038bd5bdb2edd9b7d396f343e153f7da04baed08047ae8bfee7182737da0ccb9bcd3b6d2722455dfa93065a5605cc27
SSDEEP

3072:frWExEuH8TNDwBZYFrLtWVaxQ+o3jo4sJsxTTsbPeXq/WDkc:aUEVdtQ+4oixI20WDk

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1176	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1176	2436	03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe	28
PID 2436 wrote to memory of 1176	2436	03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe	28
PID 2436 wrote to memory of 1176	2436	03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe	28
PID 2436 wrote to memory of 1176	2436	03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03bfe43767e0ef0f4c25be7e1c194e99_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Gtf..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Gtf..bat

Filesize
238B

MD5
283dc3b159fe0e193585df82f374e0f1

SHA1
c112aa6fc0c70ac5fe6881aed6616be9902beba9

SHA256
507d9b4a0361ed5767913e3c83305b625fd356b802953e1e890c12ef9d10638f

SHA512
26b74f672a07904daf26999f139d568ed4b92dc13253925ea9f87db3f758d66de7b36a3f18f72977b17088d8f7fd9c7228151eb7d7b9609313464c7bfcef3359

Download Submit
memory/2436-0-0x0000000000250000-0x000000000025F000-memory.dmp

Filesize
60KB

Download
memory/2436-1-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2436-2-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2436-4-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download