ca799166febd98e15edd129328412c276ec227c3a94f18d3501e27302970d722

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240708-en
resource tags

arch:x64arch:x86image:win10v2004-20240708-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
Size

402KB
MD5

2f7f8e434f22d5557a476da1b398cc6f
SHA1

0b5d7c9b997814dce86010428a604fb7e803e157
SHA256

ca799166febd98e15edd129328412c276ec227c3a94f18d3501e27302970d722
SHA512

a0bbe6c14bca933404bd20919c8c78219ab0a93e6d9e475d86e6b06ebd00beef66d090c8d342f8dbfc0afb4ae409e8a1e7fc1497bb20c88c9bced96f68ff3042
SSDEEP

6144:2jQ/3jCf8Gb6XDH0GKzYPESX7M6/RfWrsrq21FAkv+iyfS8ARAtppMp2jP4j2vuR:1/3xJKzU7MAosfAP9qAYBj2vO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
2944	2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f7f8e434f22d5557a476da1b398cc6f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pts9182.tmp

Filesize
84KB

MD5
f6b6607d5594c3911e7f9d104420a7e7

SHA1
895d9355e1848b405a92ed677c1ad2edecf77138

SHA256
ab733c7618e96ae66d963115d89e63a1095af35778d417d2da79e365e5820f6a

SHA512
42a4f21d50a811742def1491f3be2f30191f5abe8d25fe368ae3122068de8c0997b8aaec1e99d5609f0284df2d7f385edf40e5355f186b1fb84fbf2ee40cd1c0

Download Submit
memory/2944-0-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/2944-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2944-6-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/2944-8-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download
memory/2944-9-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2944-12-0x0000000000400000-0x000000000053A000-memory.dmp

Filesize
1.2MB

Download