63c907fcc4fa72e7eb7e34e12d8734ec3d269a94783114b3b5f6a7b24cae9732

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe
Size

65KB
MD5

28540b0309d47e0c26f519692d1e1af9
SHA1

408fe195872735e0ce0751c7eb3edab69a56f7e1
SHA256

63c907fcc4fa72e7eb7e34e12d8734ec3d269a94783114b3b5f6a7b24cae9732
SHA512

dc0a694711ba1129d22728ace2005a2e3ba832e4591438e0e3f914547a04c822f422c8159c5685f39ff82c31eb5bf5a5ec76e759206c18570961861b40d742b8
SSDEEP

768:eKF9GOFLBsJBhK3TbfQP8+ioDKBfbNV7kvEmWYYHG2BxVmVjGHdZwm2L3eOkq:1DjCa3nQU+ioQb7tmWYYm2Bx8pVL3Hkq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1436	2432	28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe	30
PID 2432 wrote to memory of 1436	2432	28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe	30
PID 2432 wrote to memory of 1436	2432	28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe	30
PID 2432 wrote to memory of 1436	2432	28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28540b0309d47e0c26f519692d1e1af9_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\setcache.vbs"
  2⤵
  PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\setcache.vbs

Filesize
153B

MD5
093dbba4a1e0f9880778eaf47f806921

SHA1
a5778070509593f59f901b84d8d513aef5b4ee22

SHA256
3d5c520eec38189d07272bd32cf6194f82ed8009893eea4214368bdb0bd0a2d5

SHA512
f1441f383b3efeb9a7ae358b75a1bb31a3b5d37a94cb347f7c422400f2d7505e9fec75b7ccc94cc0e08e2dd600273ab690b897aa3cb24ab4a0b08a3153dbf58b

Download Submit
memory/2432-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download