8c9497278de033a7f5894dd78ee27d83df152d8fb7ae23e79994665df90aa137

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe
Size

4.6MB
MD5

2cde73b3fcab71bd798b64324d2f7f72
SHA1

8cf026163e35309f3619e7c7fd3bbcd5039f0711
SHA256

8c9497278de033a7f5894dd78ee27d83df152d8fb7ae23e79994665df90aa137
SHA512

944c1619101dd5b38b7d52d4d4d756642c9dfbf64585061b884450bb12fd5a617c5080d2ba53a3e80238fbe89036fa55d8b8e1aed12ca1b461d97970d1cb26ca
SSDEEP

98304:ZbGShsnrcw5z+2PKxN3hBgkltacPU5uMpMXQHkw:ZyWsnrcUyxNxLHPOuxA/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2148	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	irsetup.exe
2148	irsetup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 2148	4848	2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe	83
PID 4848 wrote to memory of 2148	4848	2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe	83
PID 4848 wrote to memory of 2148	4848	2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2cde73b3fcab71bd798b64324d2f7f72_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Users\Admin\AppData\Local\Temp\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\irsetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IRIMG1.BMP

Filesize
7KB

MD5
a7a2b905faa4521074bd20091a921301

SHA1
45b36a9b8b806f8b16d13368fdeae97c3db31573

SHA256
9f825018b7d97a7a31457f7f063c682dbc887696d34cd71d9f6f9a1a80f9265f

SHA512
6e6f293f47f04bda18ec45581b36adc301da3ee06b846f4ffe0e1d476b21dd2e1d678b21acf100fda29787a1b8af54b0a104abf57633ca61737b278676df720f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG2.BMP

Filesize
7KB

MD5
95145f4cead2c4bd2ec219bc87d83f1d

SHA1
5eec034dfc7d9a6d93c21f38dfe2405c8968f6ed

SHA256
0542cb1d3e6b50f78dc63ea1abec6c518cfd4ea203649df3ef3834309ea66cad

SHA512
081d9cfa0bc46a54fcf03a62e5663282d27f56e20fbeafba2833d6267de285a354915c661dd67a3217f4dc2330c7f49babf8b24a5a68ba5a014f5e1e297cc5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG3.BMP

Filesize
7KB

MD5
0f7d40e22642200c60a5c52f93b092fa

SHA1
0b54677c8871477c1c03f9c08ef678f1d27bb098

SHA256
fcd05729d85a9ccebdd1d68acb9295235d669174637183fa5613f071b0e9d645

SHA512
9994a1a36bb2ac39ff6119602afa2bb8cbbf7ec9e68354b4bebb0822d3db841ed2a3493c0bbaf78aaffcd0c2b22e047a24641ebde943b753378db37e229d25be

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.dat

Filesize
6KB

MD5
5e864d7cd6cd6bf3a2be96d122f8fe6c

SHA1
b285bf156163e8ff50d2ea364fecce404e3898d7

SHA256
ba39254fdf7a7540da3274fede9a4de2767cf643d2d23fbd2eeecb0f3c412e91

SHA512
71b19a119d45fc8984afff3f687a7f9036d8cdd98cddfb7e22d72efc57f81465e516e88873b32016eed4b780c81dea3667e4a590906e63191f06d49b3a56426c

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.exe

Filesize
704KB

MD5
6f20d65c5af232700ddf7b3206d9c870

SHA1
527a7e3525dd9b0f3f6e0d508702e6816311b255

SHA256
593ad36de23204385eeadfe318972c2e9f01275e59fd00342ad5892be0b2c6b0

SHA512
3f038a87dc644994c68b1c2596aa499fc128a18bcab74766c81ea2bc6d5a86511a810af2700e87bfe85b28fe792a51795b4014a2145c01b122ca869a577538e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.ini

Filesize
119B

MD5
e0e73554782bb7ed94479e6331c110c7

SHA1
3e1d768ad1d9534625ff0d91ab0abbff705c2b7f

SHA256
0b277930036101fa26462845c2168408740f75a35aa0ade7bb5d2842d477ddaa

SHA512
66f6fd9b07c6b466fb4e39f70a5dc7dfbb4746e8c29e8206baeb97f08fee3a6f50826a7b4107fea21d20f0eb82904809146f87ce3083818f1ec55816a4494ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\suf6lng.4

Filesize
12KB

MD5
5930543afe37917c8e447635310009d5

SHA1
b012ad5d21489c97e2fdb27728e808200fceef07

SHA256
a084e98c6807381e118d47c1c65c591361f4159d87b3b4386ed347ca60c890a5

SHA512
073080d3233d21936fc8ddafd06bcde8eb15913577b1a7015cbdb3a8af13c7678e65f1afa2036e2fb59eebec55f8fbf025958d8490d13dea05a093534a4aff9b

Download Submit