b62a3ac2a5850cfe67e4b720979ef147f3de70a8dd9fc5e534c8b79433a6a966

Analysis

max time kernel
51s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe
Size

3.6MB
MD5

089e5228daf259a6d1ddda4354b1d80d
SHA1

7060e91f54330b3c01f12193b381e49ce42aecf9
SHA256

b62a3ac2a5850cfe67e4b720979ef147f3de70a8dd9fc5e534c8b79433a6a966
SHA512

87af158384f8a8becfec7e4a0d0f3adba00653f3d597da234dc9848047f44c9fd61d10cc935f863441e17b2f129903414aacbef63c378fd1d4bcc50b75216413
SSDEEP

49152:q0c24StiTTsdoNDjoJSFWWCycq1mFDbPd3Zm7BmKGMkO/VcmFJRUZYUxPIadLmEM:q36ivJDiSFdph1mPYAlO/hJ6ZYWhqnn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3360	InstGameInfoHelper.exe

Loads dropped DLL 3 IoCs

pid	Process
1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe
1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe
1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3360	1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe	82
PID 1724 wrote to memory of 3360	1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe	82
PID 1724 wrote to memory of 3360	1724	089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\089e5228daf259a6d1ddda4354b1d80d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\InstGameInfoHelper.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\InstGameInfoHelper.exe"
  2⤵
  - Executes dropped EXE
  PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\InstGameInfoHelper.exe

Filesize
99KB

MD5
3d3d2bf9c42dbdf97247775c00f22190

SHA1
7a046170aaeb5e1a29d8c8cd7c32225f49237aa1

SHA256
59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a

SHA512
6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\ftdownload.dat

Filesize
512B

MD5
9b41fce90019cb6452c0ca494849a084

SHA1
86b1e7f4b72fb30563c24589caa1834db5105a9e

SHA256
da0cc258b83d716bc766a3c8b9d53c9663838773058eb20ccc763f6f68ecc878

SHA512
59f70bac1854870ad36a06a92fbdf0305c936fdd322819ed4ced31cd25c2328d4b941545fa6b9f5035ad3d74e3619ebb60c46e820c00ee602d792c28f8c5aa4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4F3A.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit