ca8c4dc7ebba2a891de035f4c45d9754b1b144f590d7bc5c6535035b0c07c22a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 03:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe
Size

688KB
MD5

1493249bee099a356ce2bd7f761e8606
SHA1

5e52be5c9e1930a95b893bfeff681b0dd41b82fa
SHA256

ca8c4dc7ebba2a891de035f4c45d9754b1b144f590d7bc5c6535035b0c07c22a
SHA512

6cc7e06a0316d33d5176c320b6306aad829ea8367b9cd2c9f3cb10b4d088391c6de3d5da716fa94ea5e82b258bff7843d844fce3dad6fe48a7101f3083087883
SSDEEP

12288:Cn3NTTloFoycVCm2AxqAVM4ZBoKgXOEpjZV1JkL+ERXXYNeOQKy81B4SV:m3NTquFVQA0Af3g+EpZVrklRHKetK91n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3064	jp2lt.exe

Loads dropped DLL 2 IoCs

pid	Process
1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe
3064	jp2lt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3064	jp2lt.exe
3064	jp2lt.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28
PID 1724 wrote to memory of 3064	1724	1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1493249bee099a356ce2bd7f761e8606_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\jp2lt.exe" -litename "1493249bee099a356ce2bd7f761e8606_JaffaCakes118"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\Default.spk

Filesize
109KB

MD5
d234d4e66c8df098a5dc3934cc0cc71b

SHA1
3bfcca74cf4ce1d30c900a2a46a8be49a8e48911

SHA256
e8d03fa7ae11afcdd020e17141438605c3f7e4cb855ad82c744416917e0b0fae

SHA512
d78504f360752ab2cc29ffce796566e1b607f65f98f147862df3908a0bf2287198650cdb665c6c3e3559e0f659370af9b4cc5df81e63dd845ee0235b7bb7dd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\Media.dll

Filesize
173KB

MD5
b29cde18fae164f672e8bfcea5de37c7

SHA1
e1439a0a64d98ed038dc2999c881238c38917404

SHA256
09cf4b6bec3a1891b60156aef51fef4c831b3c37db6cea8381bb1c60128c81fa

SHA512
6548ea2759c565abc2093315899aaf87724daebba1949b778e9ab6507db835b1def5068dee2c20f6da5228989d025349138cef3bf7084f33ad146a1e11f6c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\Puzzles\aggressivedogbehavior.pzl

Filesize
13KB

MD5
89a98b51a3c6a1cc86d368e993fda9d0

SHA1
9e283075bcf86f47bba8855a33a527090a168f4a

SHA256
8f0495579e4e9c303ba2d5c5bbe407cbab39a2991d6ce5efe769fac81dfa860e

SHA512
a1f563496f0e41d49909fb77afa0bd4a29a49c60252423e43e1041afcd3a982d9067ebd66d4c3e60b39439ce321d41d85867ba5090654032d9b74df4d3916ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\english.lng

Filesize
17KB

MD5
5354dba4dab261ecba05b7b3b2ee1d13

SHA1
b227ebace8c2a02e50c5cddbb5589928062a33f1

SHA256
3aa42234872afe5b3861bc4929bcd58146f507c45a338eff3073db534907889a

SHA512
16089a0f4e22107330e96638481f06c9065d0fb70df016b288950185d368b8f72f216e7ac4603159d72a7035ef456c1ae5bba3e555a528a88baa989fb0a4e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\index.ini

Filesize
86B

MD5
487650f34dfdcb49880ecada35ee39f9

SHA1
2c5da552f94c18dd4293bd3561673eac06ac55e7

SHA256
e4f235776b0daa19acc519d9fe42caf4f8b6544a4e6737a146a9cd7a1d0f81e3

SHA512
0efe4800e01130b7663bca0dc384a38bb07c104ea74cfc88727b4b8b67780ff9839a5cfd5fbf81abc1f31ed05a7a0d919478599d873a8e33294bcd2521f29d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
3KB

MD5
0dcbf2f63d6cea409c06b4155a1a2355

SHA1
bb45b4386a12b1d1eee853461e18e08e6ae5fa91

SHA256
9a7dda21b87d028177f07d25a2fedcc8c829770e3d3016260b5fce4168c1f351

SHA512
6022a794e0335ff542e98b8a292b679f989881c507d5fcb6c373a6ff2cfa4b0e4a2c8e2f3be02dba420fb2f02a3184206b72a3d2c64497b91dc8a51cd1a93ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
4KB

MD5
7bb557886dca9b0938625eb2dfc791b2

SHA1
598b3a6303f12d29cdbeee6e176cb5cb27682971

SHA256
96bca4738dba20c1f7030e17ac59296008db46aa9758930b420342f7129246ec

SHA512
fc3f746b176504fc2a0c60d8968d8400f60a72c1597eaca0f2d7a7e05191b0436a717560ac3dcb7994e0af56fe2cc7cf20f55669bbc8e7c97de5235a9f1e01b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
852B

MD5
e02f428c5817da4ab3f7f199c7c4deda

SHA1
e8c83699505a4e3efa1054f1600918bf80fb082a

SHA256
476253544463babe2e2eced46f89cf02bebbb27f0df63db2a548d76be7c73dc7

SHA512
e68838de05abd5f07894e1d1f7f5d40aae8e1615c903db3ed798c21a855edd3e1360e2b60e24933f7d56d2ba756ec0fba6599c9e44ed5e3e6d153dbecfcf0321

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
1KB

MD5
0b9965e4639e13109f90501081d74f27

SHA1
7ecd07f5af9e395536e2a4c430910e7d779e6fa6

SHA256
d3cabb373db752b4f5ec9387f961d83bbcfb447b4fd26013133a30bae86bf1bf

SHA512
10f1b1863eb11d77d8a844b0cade7e4990879f036c3812f673d9464e14b80b8337255066b6a949f3c9851f60d4cedaf288b8e0ce07a1750fabe3a697d2c529d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
2KB

MD5
a7f8b493d7102e434a65b639cc04fa7b

SHA1
9b84f1331d6eecd37ea92ccf602d77016b088dc2

SHA256
dfad6b5bee0928ecc7776506b30a44b260349c8c6bc7ed0797a5e5ea931046aa

SHA512
78851fb474319ff3f0e80952ee97e7f6acc6de00dda760bfdea1f7bd67f5128c27f76036c748e493c76d83239f7cf7380bb5398051ed92f70a6dee756df29fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1777.tmp\log.txt

Filesize
2KB

MD5
dc91fcd12ccef92ec19e362ca2b4b322

SHA1
d82a329c0913f3f76999001c51c1cd4f591c05bf

SHA256
bd8b66cac920042008a60b2278ca8243d93b0e60ecfca98b26ef7e5060cff155

SHA512
dcfbfe04fcc88a769ff8ba3aadf0a3d4c3524f57c210bedff1f8e071c4b78cd8d32b922efad138e942947db67dcbdc384012df901a2ad2374dfa4aada8ab9a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\ts1C86.tmp

Filesize
128B

MD5
2a0b1e61b6a025358da9b24fe8948f1d

SHA1
f9ccbf12b44160c5a0a02a8195398d31c3391151

SHA256
9c057c42e70f4c19450cceaecffa1ff1246fdff5de02f28aa90c145cdaaa1284

SHA512
48779a4b97c636c88a1ff167c106de403c947948f225d1a4a52b85439a701e33c5672a20d2ce52cff10a9233278b5b708558cc34a28d87144d3cda0869307123

Download Submit
\Users\Admin\AppData\Local\Temp\tll1777.tmp\Jp2lt.exe

Filesize
733KB

MD5
b05c9d19de9acf53b551882b1f6ace9b

SHA1
a01c58d0fc306ee3fe5ae638d5fc0475478a7e82

SHA256
9565c0dfa6408edc3c8d0e5952446f72e405d71df2a4ba45c0b99c9a6bcb6700

SHA512
54f0cf6886f8bf86520b06efc3a70f702dfd3fb04361f3c39705db7354285ccd8ae637d3aa2b6b5ec875a944ff0c7d24028621453afee9f408e2536e1db77cf8

Download Submit