Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/07/2024, 11:01

General

  • Target

    1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe

  • Size

    152KB

  • MD5

    1b0a827018d69d55847f502b37e61bd9

  • SHA1

    42a1a100c57b10a533e18bacba3b0334bbfd8cb0

  • SHA256

    44a71431a1102439c0e466a1f56c1ff8311e74a5ee57acd4b47e5b8cb5389af4

  • SHA512

    efd4519286733feb02349ad26219c63787b4a14c17eaa260f06d14137c2a35fd39b035ba34cb8d3804fce1fd73a3d516d2401a597a91a9978cbde4b76c1219ce

  • SSDEEP

    3072:pmR5LCQThb6qHfpmPKzYIEeh7m8h+38oW4OUSKwFZai:AR5LfJCaDEe08h+3rZi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1b0a827018d69d55847f502b37e61bd9_JaffaCakes118.exe"
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:4604

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\tmp.exe

    Filesize

    60KB

    MD5

    4eb649568d1c132f86c79182244099a1

    SHA1

    089058a0a738497b1d9031eb86ccee1c34575bba

    SHA256

    8650e4dcd84712ec6213119b06e718364a742567e7942a62c8503ac047f38f7f

    SHA512

    45c4de6b94b22c8453955efee7ee8641135b7405743010b72284e1e45aaf51a90beaf78f9b5078d167908e410279acd592fd5a0c2c52aa0c980e8741453209b7