Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
28/06/2024, 01:34
General
-
Target
184f60df3eb796a4dcee95c11c3978e4_JaffaCakes118.exe
-
Size
246KB
-
MD5
184f60df3eb796a4dcee95c11c3978e4
-
SHA1
e3b5e4b0a54d0825f64f53b91bc665299f3190b0
-
SHA256
650767f3a21b1531725ccb9aaeceb85889c96260b9cf67cb7fd6fa0c5e834ab0
-
SHA512
3576c89c7d6466bb389f773003af9bc0adc09aa98b2267b3e21429b15695f991e3354a03f79a3ec065b50938a39711e84cd6ebe2074c3b460cadd95361a0c3ea
-
SSDEEP
3072:tE+lkmmQQ0MaJ3rd02Jp2blZiNbOqTBfnl7+Ag0FuWv2tpItDnJ8CAvpdPGhJi:Gsk/ibevB2bOqTBPl7+AOqUwKPGhJi
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\184f60df3eb796a4dcee95c11c3978e4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\184f60df3eb796a4dcee95c11c3978e4_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /C "route.exe print > "C:\Users\Admin\AppData\Local\Temp\184f60df3eb796a4dcee95c11c3978e4_JaffaCakes118.tda""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ROUTE.EXEroute.exe print3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD54b299a6b075810d0f0c123c002e21b95
SHA16b73eba006add2bc284d05be68d47ca35be47441
SHA256b677c7ed82658ecf91d42bb21169c52068c8e1f88309674d6c2408a0bc35ce5f
SHA5125a57c554863c5c434d727e7462503fe0cafc0fb1d7ac9d87979731bad21a3290c90b8b2e2c554862eacc9d498717e01fe32b7e38fdfd555cf2eaa75a1748932c