1b9f04410b3558d5897640f73af935e85753de0af46ecc9cbb80198e627e5c26

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25a82c9c356469f181aed14e3670b556_JaffaCakes118.exe
Size

826KB
MD5

25a82c9c356469f181aed14e3670b556
SHA1

18819d6deeb293c83dc662bd79e0d545c5c98a0a
SHA256

1b9f04410b3558d5897640f73af935e85753de0af46ecc9cbb80198e627e5c26
SHA512

d6ef5ceb151cfc5ecb9da043bce2c98f8742ad58c5a5bdc35aa87789196b9710698ae04c379fa7bf53b7cace4ce2734ecb2c9aa857e4f3b0268165ac303cc131
SSDEEP

12288:EHLUMuiv9RgfSjAzRtyRVcF6k56bv8Yi0MoSNXaMYjvZRMjiNqhrMb8:etAR0VcT6DivORCkqSb8

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3032	25a82c9c356469f181aed14e3670b556_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3032-0-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/3032-20-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/3032-20-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\25a82c9c356469f181aed14e3670b556_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25a82c9c356469f181aed14e3670b556_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\crypted.exe

Filesize
538KB

MD5
c6112dec5a56f9938e02ad1137021913

SHA1
1ff2c873f3dbf4a9ec9f51050b0f4258aa41cba4

SHA256
d8ac30640e53d53f82d9d7d0be16c243d681a76e6963856aa8a211b0c17df41e

SHA512
4fa1bdf9a31eab86a489c66b6df1a326643f5191984b942a03b4dd79cfa9a31d6633d74d4cd7f9e92885854f18872d982ea7771ca8a136330be33210208af77e

Download Submit
\Users\Admin\AppData\Local\Temp\Crypt.dll

Filesize
4KB

MD5
d837210daced01236ccc50baeb996f51

SHA1
2f9dee67b1af7e5a32cd10358356fcf87fcf5ada

SHA256
547ab733bd5d60e0bd0e31cb26649a8d5b80e10f2996c9bff21b026dd4494454

SHA512
935b3e7f5991537c0b053e3e961d74fc95f7902e916b2b88791482d20656435e43882ce75de1cc7312784e4de50c63a0d163a875b541cc0bd6e760a2e0751c00

Download Submit
memory/3032-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/3032-20-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download