Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
03-07-2024 19:09
General
-
Target
2371715d67a1276e25e85e3a4a6348fc_JaffaCakes118.exe
-
Size
47KB
-
MD5
2371715d67a1276e25e85e3a4a6348fc
-
SHA1
375b863f8dfcb32ca18423dc2d0e2187c32160fe
-
SHA256
d61219f60da350e0a603089c47b309cbaf782c88b23df61793ac4ca380540a8d
-
SHA512
e7d6a141f9e12d79373a28c48fe716b51a0b9a32c2b9beda830ef5e79a9de8aab3f005961de7b43efad532ea280dde34e83afbf284c710529eb31c19aa4eef32
-
SSDEEP
768:rEAWsclU1JRON4GjVNz6KZIm/rTyW6Ck9KVA+1mKsKrnWVxaZU0vhFfy:rWsccQpt6FirTyW3cKF1X5zWSZw
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2371715d67a1276e25e85e3a4a6348fc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2371715d67a1276e25e85e3a4a6348fc_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
230B
MD53ef9d039376a3785ce179314a5ce9d99
SHA160ac5d823d68e0ab3da241e264736bb2ab28a25d
SHA2567082e749aba6168963dd243c796c757818707bc65f29b7de17c528880b915a1b
SHA5120fa7c8ea9e8c76cfaddbfb161300d1f0a8b1aa252e334f197ac38a535974eccfc0273caa5b7f0d01f2fe7d762cbb7b3479fb203fa6d9e849e81c7367776d4a22
-
Filesize
48KB
-
Filesize
56KB