f41d345b0bbf9e7cad979950a8700204ad2d5241953771f54b3df1d67aedbe94

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
Size

888KB
MD5

074416033f8f4a0c786a6c299af897ec
SHA1

fc42ff98b6778d54cfea6245c11da68bbaddcc94
SHA256

f41d345b0bbf9e7cad979950a8700204ad2d5241953771f54b3df1d67aedbe94
SHA512

19294cb407a5b71422a762df5cdfff555b6a5ccba7cd6c206a1a1ba74fe172755f3a4b4faad94870eb76a8a436b6bffe78f096487a134893f1a76598f2f3b7c8
SSDEEP

24576:gRQ+0rX+aA64bVx73Pnq3Stj28fxGK5lGGPc:8x01A64px/gUGr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 1800	1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe	93
PID 1140 wrote to memory of 1800	1140	074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe	93

C:\Users\Admin\AppData\Local\Temp\074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\074416033f8f4a0c786a6c299af897ec_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://downloaddirect.com/software/xvid571
  2⤵
  PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5348 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4876 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4612 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3892 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5968 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyCEE.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyCEE.tmp\blowfish.dll

Filesize
60KB

MD5
926e4475c00fb5254c32c876921b77d0

SHA1
8a55bc8b6e49021a4abbd441783c41d5e019798b

SHA256
d54c8582863c079996c4f1113b1c106204773ad9ea2ae831ba2b33b45bafdfa8

SHA512
53f389e1a967c123ed591c7650cf6d3140abf1012dcac90faf2327e68558949eb2b19905098bd14ab3a9811d23f98466f88418d992ca6373f94afae56a285bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyCEE.tmp\nswg.dll

Filesize
182KB

MD5
4f2b563f712670211d0e932e43b6e277

SHA1
53014306f362c90af7f58ad546237e6310e58fd3

SHA256
9319a8a37139cbc5ac27e9f4c4583d615929a9ea681f5212a5f7bad07fcdbdff

SHA512
414839a7e4b4d07d4f9c0b10ec708d12547b6866b9567383c0784abb77631a1b60e24a4d450980f8f6c97249b319150062566e12d44bd35b476f9f06aec66652

Download Submit
memory/1140-16-0x0000000004F00000-0x0000000004F33000-memory.dmp

Filesize
204KB

Download