cb7be3188ca0d9bfbf401c71b886383702362f7b1818adc24e0e33c21df4b1f3

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f1b41b94bec8ebf5c2d488a6c4de286_JaffaCakes118.exe
Size

319KB
MD5

2f1b41b94bec8ebf5c2d488a6c4de286
SHA1

8c10e930104a13f0c7ad3858a0dccf5b557cb83d
SHA256

cb7be3188ca0d9bfbf401c71b886383702362f7b1818adc24e0e33c21df4b1f3
SHA512

90e648dae99571ce426a32ab2f7ebc2051e6d72755146be8d8252efc8ca15ab27f277df3fd541e651961fe4bfc7f7d8df574fa22872147592945f096777d89d0
SSDEEP

6144:R2wKCBI33EtMEc5HwXUcaSwJXXSPTzHogf6iGLiihPva1o7aaPVAxBXChooco62:RlByEtBcxwX/aJ2TzVuii1i1oBOBXChE

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3052	2f1b41b94bec8ebf5c2d488a6c4de286_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3052	2f1b41b94bec8ebf5c2d488a6c4de286_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2900	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\2f1b41b94bec8ebf5c2d488a6c4de286_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f1b41b94bec8ebf5c2d488a6c4de286_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:3052

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\77.jpg

Filesize
12KB

MD5
49e4f86dbff0bf7f28a5668e21b8b383

SHA1
8a9d65cc9d1463cb7f82f0248a0bca9dbaa1df25

SHA256
80c10f25e5e05aeb5be9da86b30266c1bf7bb6121144af039e8e5903cecf6c2f

SHA512
3bb533579870d558495f4fd4eaf82f7fb352f30c179113782b4fdd71bbaa82dc2aea3dd3434d0dfad9ae22f1e2c0c80d5aaf53fe776475731e06b7b12c77c508

Download Submit
memory/2900-7-0x00000000000B0000-0x00000000000B2000-memory.dmp

Filesize
8KB

Download
memory/2900-14-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2900-8-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/3052-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3052-6-0x00000000033C0000-0x00000000033C2000-memory.dmp

Filesize
8KB

Download
memory/3052-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-1-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-2-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-10-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-11-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-13-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3052-12-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-3-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-15-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/3052-17-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download