Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
11-07-2024 07:44
General
-
Target
3841fd589b5c6de1277443f8ac20880f_JaffaCakes118.exe
-
Size
64KB
-
MD5
3841fd589b5c6de1277443f8ac20880f
-
SHA1
21cb0e0faa3691cb70bb1aae8cfae1ff1d461e01
-
SHA256
e6ea3c1ca861b57d28f485fffd9bb8dd08c4480ad4c993aeb50fd8576aceeab5
-
SHA512
c24dc1865187a2f950080e915efb98af1534803d27c96905858cf81cd7f76ef825333124d91017f61ab07b1afb5868edfbb80c344b2638740475c7007a2c19c3
-
SSDEEP
1536:ygVfaMlet+QcLAvQNgRizP4BC15p/RckwDU:vwMlbhLPK7Bg5p/LuU
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3841fd589b5c6de1277443f8ac20880f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3841fd589b5c6de1277443f8ac20880f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Roaming\MSV\nvs3C47.tmp.bat" "2⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\System32\msiexec.exe" /i \n1E.msi /quiet2⤵
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
765B
MD5a4a4219ce5fdbaf2864b04ca4e453ac9
SHA198bf1383e8b2f4db0388ee139ae7fe06ff7a67a9
SHA2567ce64a6d79d1772713cf59d6575aec39f9fa00690d4c84cd2f160081b0d412c6
SHA51222f5668719a58a4c1692ceb8aae48af9d5a53527d96431410587fa1f3f67ec9b5f0660c87fa9d931343e1be9b0f56f03c3fcd431cc2d67b104450b2ef792baa8
-
Filesize
2KB
MD5deca4391df0c2dc0b47708dc2b9be3ba
SHA1ed44586716bf7de353b6935eacacdf995c6b4d42
SHA256d235475bbd0f8228b8dec5131c435ccb2506594f8931b1910c7d62aa1e5cbe67
SHA51280a030033d643698493f1bec74c8655c453fb4b2c556fec854a811870bfeea47abd60a4f9b169d414ab9619dbde8ba6ec45200160542972fe7a531ee09784bb1
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
12KB
-
Filesize
64KB