6add2a454018eeba77c4e166342fede8e225be1cb31052fc088db8acca0fbc12

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 02:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2458358ed082549ffe2375beff757256_JaffaCakes118.exe
Size

10KB
MD5

2458358ed082549ffe2375beff757256
SHA1

f8034cd0aec5950969f0b01e32ee033efe2cbfc4
SHA256

6add2a454018eeba77c4e166342fede8e225be1cb31052fc088db8acca0fbc12
SHA512

d330b2521460e063e5676861e045e96b0be591f699cc0e46f573732ec3dccd8efaf77b3f99eb64d4dede47ffa76d71c77f4e2b8e63b21c7bf8872dcf894b2842
SSDEEP

96:l83TEkbguePTfGKG3ljAvWC61WnV+doZvqxLXaWNx442LM/5hh8FV7GuqnQN2bqM:HkEuWDW3l0vdV+dAWLg42qhh8Fc8K

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1920	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1708	2458358ed082549ffe2375beff757256_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1920	1708	2458358ed082549ffe2375beff757256_JaffaCakes118.exe	28
PID 1708 wrote to memory of 1920	1708	2458358ed082549ffe2375beff757256_JaffaCakes118.exe	28
PID 1708 wrote to memory of 1920	1708	2458358ed082549ffe2375beff757256_JaffaCakes118.exe	28
PID 1708 wrote to memory of 1920	1708	2458358ed082549ffe2375beff757256_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\2458358ed082549ffe2375beff757256_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2458358ed082549ffe2375beff757256_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\kill.bat""
  2⤵
  - Deletes itself
  PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kill.bat

Filesize
218B

MD5
5bfe96adebbb9334a1a3ed37e9038bcd

SHA1
414582a957080935cc8cb61de1857c503d2f5d20

SHA256
a4a4bf136a1335ed199d9f26f0d0c8e2bb73c94f077a82bfc728d12d9697018a

SHA512
03160f31ce1fe23bc9b46fa47462004d144e7e7b1ca45e3fbb655ce883000584bd4dfc09db650e4baba742dbb19663b6bc2a146afee72798296599da3c3edabf

Download Submit
memory/1708-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1708-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1708-11-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download