e00ff9444b6b0dcbb2ba3bde14ff7ecb9da48a0bedd378f53673095982334cce

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 12:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe
Size

45KB
MD5

160d8ba17f5ce4a3f9947b888b888409
SHA1

183865324b2ebecc37ad8b70417ddce8700d4c3d
SHA256

e00ff9444b6b0dcbb2ba3bde14ff7ecb9da48a0bedd378f53673095982334cce
SHA512

49cde488a01830e1892b3b7b0abb65b4dabb3be01bb4e93ef9da0e6aef3e49920c54333a3511cf338b537ef768fb8f760593b848d1b77a49b47659e754c40bc3
SSDEEP

768:bcjOIbHCllM3wsgQqV1zbPBaJL4YwGJAwYimM9Wa19efJmRN:bBjVsgfVNk13wGVYimM999amX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2332	update.exe
2612	update.exe

Loads dropped DLL 5 IoCs

pid	Process
2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe
2332	update.exe
2332	update.exe
2332	update.exe
2332	update.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2332 set thread context of 2612	2332	update.exe	29

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2332	2132	160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29
PID 2332 wrote to memory of 2612	2332	update.exe	29

C:\Users\Admin\AppData\Local\Temp\160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\160d8ba17f5ce4a3f9947b888b888409_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\update.exe
  "C:\Users\Admin\AppData\Local\Temp\update.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\update.exe
    "C:\Users\Admin\AppData\Local\Temp\update.exe"
    3⤵
    - Executes dropped EXE
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\update.exe

Filesize
22KB

MD5
352ed507c065159a267878d1dfddff48

SHA1
80b2b566772271a4eb773f8344ce375ceb206f87

SHA256
9ffa1db550e1e5290491d0216d5f56265a5f8da4e911ac476b0cd815dcbb7583

SHA512
21c4cdd32d3b543c75fd80f1bc1b26d15b10207dec2ed05aad32694ccd7d04c124879baa1386363f794ae196ab351987d7a3690f9ab1e65450b05d432a7dfed3

Download Submit
memory/2132-5-0x00000000003F0000-0x00000000003F8000-memory.dmp

Filesize
32KB

Download
memory/2332-17-0x00000000000E0000-0x00000000000E8000-memory.dmp

Filesize
32KB

Download
memory/2332-27-0x0000000000100000-0x0000000000108000-memory.dmp

Filesize
32KB

Download
memory/2332-9-0x0000000000100000-0x0000000000108000-memory.dmp

Filesize
32KB

Download
memory/2332-16-0x0000000000101000-0x0000000000102000-memory.dmp

Filesize
4KB

Download
memory/2332-15-0x0000000000020000-0x0000000000028000-memory.dmp

Filesize
32KB

Download
memory/2332-14-0x0000000000020000-0x0000000000028000-memory.dmp

Filesize
32KB

Download
memory/2612-23-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2612-22-0x0000000013140000-0x0000000013179000-memory.dmp

Filesize
228KB

Download
memory/2612-20-0x0000000013140000-0x0000000013179000-memory.dmp

Filesize
228KB

Download
memory/2612-19-0x0000000013140000-0x0000000013179000-memory.dmp

Filesize
228KB

Download
memory/2612-18-0x0000000013140000-0x0000000013179000-memory.dmp

Filesize
228KB

Download