b955394842ddb1aeb0391d3cad34a4e2a087b3844a4bb12b71967bbaca4a8b53

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe
Size

2.0MB
MD5

3bee690827fd9d58b83eae79b926b895
SHA1

3b33c8c5b7526b72e5d4a5ac641facec52f854ee
SHA256

b955394842ddb1aeb0391d3cad34a4e2a087b3844a4bb12b71967bbaca4a8b53
SHA512

4455e30a810d7664d622592eceb93703cf378567830bc629329a74520111b258aaa34347a7ce3b5c345cead1b8ce4827c34f68e29829282a875995faca676042
SSDEEP

49152:3XJ/ySsiYLe+vDYUcS61Jck6ZmfWTF92TfpiRQKeU0nd1jg:HYaL+vlwck6ZmOTLyuQKeU0d1jg

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3044	3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe
3044	3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000400000-0x0000000000465000-memory.dmp	upx
behavioral1/memory/3044-44-0x0000000000400000-0x0000000000465000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3044	3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3bee690827fd9d58b83eae79b926b895_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\1JR1D85N\3bee690827fd9d58b83eae79b926b895_JaffaCakes118\splash.bmp

Filesize
195KB

MD5
430f46f743542f6729cc3a655d1c024e

SHA1
87024465f86d9ae9f0a13f494a369b174a7ba725

SHA256
0a71bb592493aeae57db22c3d8bce96f7ed763645ee18325ea9e9f7a5c083cfa

SHA512
4e96d4e0eb910e91b5c6733a727fff8f8c68ec39bf787726efabf8a2e86ebb37e0802ca07469322991dac74597f33e53ed783191173a12d5d9149f17df826955

Download Submit
\Temp\1JR1D85N\3bee690827fd9d58b83eae79b926b895_JaffaCakes118\plugins\0\StdUI.dll

Filesize
143KB

MD5
3343b7196292145aa6a9af2d79017c41

SHA1
2ccb2d001b7439084df4ea196b9a02c1970013f4

SHA256
382286ee90682fc8a7aa4c03890e42098f752cbbe52b3f4ab081f9262794da6a

SHA512
33396319b4d42055e9dfaa2359ee067501d6a3ae567015deb9f96a20fcf94356a21a2e233c6bfd663b371e1a5ffe8148f11c86bd1d98c1362fa48a4311862225

Download Submit
\Temp\1JR1D85N\unpack.dll

Filesize
34KB

MD5
780634f3f27147d1846745ae0160fb9f

SHA1
a675572a5a1b770e5081dbb8e82689160c2250c4

SHA256
2791bad82ceb45f2f45a6f32361d29cc5851ce591d1c9bbf60e5e1f735b46917

SHA512
4949d4f4f7eae7ac1ccc0b536da1c60e4a177bc6ef9dc94daf26c71eabb3fe842d2fd0e2722f4dd653990239833f2e8e3a7376969c1823de63b2807dac5a3447

Download Submit
memory/3044-0-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3044-1-0x0000000000310000-0x0000000000375000-memory.dmp

Filesize
404KB

Download
memory/3044-41-0x0000000002D00000-0x0000000002D28000-memory.dmp

Filesize
160KB

Download
memory/3044-44-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3044-45-0x0000000002D00000-0x0000000002D28000-memory.dmp

Filesize
160KB

Download