5f6b2b5c87a4bd38775595619192cb1aaaa0c7023ec9e4c4e7666c75a6c21bae

Analysis

max time kernel
141s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1632dff657799587de381672943069ee_JaffaCakes118.exe
Size

2.8MB
MD5

1632dff657799587de381672943069ee
SHA1

e6500282f20f548abedb1d77b93cd8704fbd9ce0
SHA256

5f6b2b5c87a4bd38775595619192cb1aaaa0c7023ec9e4c4e7666c75a6c21bae
SHA512

5297867cecbd642636fa9f30bf2e06f9dcca9abbb6c8f53b918e91b4af940799572e1581867df906465d933ccfdfc56dd5b9c576b929bac620083bad64a8678a
SSDEEP

49152:v2Ns/wagaZ86BoBqOg6vCYw8bY0LYm0xSofFVXd0Ue5VoUB1dnaV:uNs/wa8Y0qJt+bYTm/otVlqVocA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5076	1632dff657799587de381672943069ee_JaffaCakes118.tmp

Loads dropped DLL 1 IoCs

pid	Process
5076	1632dff657799587de381672943069ee_JaffaCakes118.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 5076	2368	1632dff657799587de381672943069ee_JaffaCakes118.exe	82
PID 2368 wrote to memory of 5076	2368	1632dff657799587de381672943069ee_JaffaCakes118.exe	82
PID 2368 wrote to memory of 5076	2368	1632dff657799587de381672943069ee_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\1632dff657799587de381672943069ee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1632dff657799587de381672943069ee_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\is-PC4N4.tmp\1632dff657799587de381672943069ee_JaffaCakes118.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PC4N4.tmp\1632dff657799587de381672943069ee_JaffaCakes118.tmp" /SL5="$B00AE,2575476,53248,C:\Users\Admin\AppData\Local\Temp\1632dff657799587de381672943069ee_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6312B.tmp\Games.inf

Filesize
183B

MD5
4c7af566ebcf81194975d0379757053d

SHA1
de744c564f0c4afcc09b489f81591a02b51c5387

SHA256
824b0d39d03e0d6940dc68ec7b78426232f2c0ec9ae68e20622e91031bc06ebf

SHA512
0940bdc5c90fd0c8c2f24106df742e135d7749f0b91bbad9b09db6be0d9a89fa21b8f5ce309178f327bb8560f1b8913b9718c9abdc94089cb3e80cd1a0b43ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6312B.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PC4N4.tmp\1632dff657799587de381672943069ee_JaffaCakes118.tmp

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
memory/2368-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2368-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2368-33-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5076-7-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/5076-34-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download