Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
10/07/2024, 22:12
General
-
Target
3699c64a6a0c60a7f36a40cdfc81a716_JaffaCakes118.exe
-
Size
295KB
-
MD5
3699c64a6a0c60a7f36a40cdfc81a716
-
SHA1
8721dae0aa4febac7812932a0e4806fe5131b4e1
-
SHA256
3860bc8732f7efc5912052773966842faef1a392dbd050ff2bb6a94b7046813b
-
SHA512
f31be43b2049500940af8069884dee2653505d8ae515608215cb8918780576cbabad6dc7cd20055a0e2f6e78612364e1f472d7fc179160d35fab1578deb3ad77
-
SSDEEP
6144:zzjdoLJ4kVTQBuOan33Dh0AblTBzl7AAO1s5KS4YL:HJovVccOAl0AJTVl7AiKdY
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3699c64a6a0c60a7f36a40cdfc81a716_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3699c64a6a0c60a7f36a40cdfc81a716_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /C "route.exe print > "C:\Users\Admin\AppData\Local\Temp\3699c64a6a0c60a7f36a40cdfc81a716_JaffaCakes118.tda""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ROUTE.EXEroute.exe print3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5b23e2ba2ababc63b07ba04ff8cc11022
SHA156121d9ae2be1d43dcb40b80ede4e1a49239cde8
SHA2568ded0842e2f7ceda84d1312ba543372f97fd9499ad54349ec2ebd06b9f1d67ce
SHA512e209e66d398b7fd148b414041e915062d55114dd64eb884cbd572d28f3258b49fa7306cff966312137b89f43f168775c7158f6c0f712ed5927a318df0d48f2ea