d8fde860cb891ed674887a2224ea84c61e26c11b0609b0b4a5d5b94cd9ff7aef

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe
Size

108KB
MD5

2d6b5daa6221fc6d7eb145abebfd4395
SHA1

64abee7f649c5eb712d244b7deab29ac6fdb3726
SHA256

d8fde860cb891ed674887a2224ea84c61e26c11b0609b0b4a5d5b94cd9ff7aef
SHA512

a34ff672fa38501d37d196db01efa820acaf0a2a7b895355f50d4d1a26ec182bd3be6a4d26808b353500f7ebc80667b096787224ecb9191edddf1bf81e6fa690
SSDEEP

1536:L3evrVrhkKzI79JZtrHEMwLXY7fXcPcpQ8c7WJtg3KDu:L3evrVrqxJZ9kMwLG1c7Ctg3X

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 1 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	2800	WerFault.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2136	2800	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe	30
PID 2800 wrote to memory of 2136	2800	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe	30
PID 2800 wrote to memory of 2136	2800	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe	30
PID 2800 wrote to memory of 2136	2800	2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d6b5daa6221fc6d7eb145abebfd4395_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 192
  2⤵
  - Program crash
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads