1b63787cde88abf3d586355865380da0de01c60b9281cfb4302caf898baaa12e

Analysis

max time kernel
134s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe
Size

791KB
MD5

15a5a9bd9b4635ba1db196f3cd598e9b
SHA1

afbbd781c31944c8592df6b79af79e06f9a48235
SHA256

1b63787cde88abf3d586355865380da0de01c60b9281cfb4302caf898baaa12e
SHA512

2abf23250864cfa0ea1097431497c100067de49a5bba7f13e5fe43525cfc9c5ac2031f5e9590c874db80f1d4728e72d71e36d4293e9be9e5e784aec3547c66c4
SSDEEP

12288:16SKqT31T6WpJY6V765jKqostkm3ObY5XwotTt7UN3:0xqT31T6WE6I5jKqosOm+bY5XwCtQN

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 1380	3732	15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe	85
PID 3732 wrote to memory of 1380	3732	15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe	85
PID 3732 wrote to memory of 1380	3732	15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15a5a9bd9b4635ba1db196f3cd598e9b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\s.cmd
  2⤵
  PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\s.cmd

Filesize
249B

MD5
b6e6cddf8a1d88fb06850ac000c30e25

SHA1
1f11bb1b2fd9ef1bf978ad57e78271bcdc1bc186

SHA256
5cc017ae5d6868615f91f481929591d6bcb13a01dc811aa21f0cdc97aa4a2b46

SHA512
ebf27624103e3576daf844255f83902e27c6527d640327a07bb0e64fe88f59a516fb9c3afeb0ebbda424ecc11fef48e60dbcce6b26d8b2ecc0d87a86ba2825c2

Download Submit