437d41f01626c7be1419edecf6ebd41c45a66241ca4dbf31ae5cc592b3129bd8

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad58147cb1bd7799ba3891234b11869_JaffaCakes118.exe
Size

2.9MB
MD5

2ad58147cb1bd7799ba3891234b11869
SHA1

6bbf0cea6932f9505f66336b0492d3fee15e5b8d
SHA256

437d41f01626c7be1419edecf6ebd41c45a66241ca4dbf31ae5cc592b3129bd8
SHA512

248a3e045150f3f68a900632ef97a63181bc9216259a311a27b7880aaad7eb61b48dc1e9114f87760a86ceeb366b95069332e2c7ad7e8997dfc4c1dc280a714a
SSDEEP

49152:U8or3OsOhqSsSXgfWXSxwu5ITmOTUTsc:UTbOsOnMWXSxwu5im

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2264	2ad58147cb1bd7799ba3891234b11869_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2ad58147cb1bd7799ba3891234b11869_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ad58147cb1bd7799ba3891234b11869_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2264-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2264-1-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2264-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download