7fc57190388ab4a4454026b364d9a58a3ed0a193282500542a09984c12002532

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 11:55

Target

3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe
Size

106KB
MD5

3d471a83ed7c39a7c1c6c30f542f690c
SHA1

0095881939a2373587992c8630da1ccbc5cd5061
SHA256

7fc57190388ab4a4454026b364d9a58a3ed0a193282500542a09984c12002532
SHA512

f7550e10d7069b057ca6518dc040c8ddbe5edd6680325c615051d33464535b36bc69318dc85aee7a161f9afd57305abe8163b9dc5fabba8b7d941a4d5934a542
SSDEEP

768:ovAbpyCVU4NGMMD3016VY1q/miAK7TubFBCLmRdnukufMZg+sddagY8WL:oIdfgD3//zTACWZuDEZPseMWL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2772	explore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2772	explore.exe
2772	explore.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2772	2436	3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe	30
PID 2436 wrote to memory of 2772	2436	3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe	30
PID 2436 wrote to memory of 2772	2436	3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe	30
PID 2436 wrote to memory of 2772	2436	3d471a83ed7c39a7c1c6c30f542f690c_JaffaCakes118.exe	30
PID 2772 wrote to memory of 1188	2772	explore.exe	21
PID 2772 wrote to memory of 1188	2772	explore.exe	21
PID 2772 wrote to memory of 1188	2772	explore.exe	21
PID 2772 wrote to memory of 1188	2772	explore.exe	21
PID 2772 wrote to memory of 1188	2772	explore.exe	21
PID 2772 wrote to memory of 1188	2772	explore.exe	21

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\explore.exe

Filesize
29KB

MD5
3b176b217b93eac55225db0d258e7978

SHA1
cffe9297e90eadca5f13b6be894fa92f36112120

SHA256
21548c95754b64596917376fa61dce24519d6532342708aef4c5359d9f53f44a

SHA512
63a01c711e0dda23c78cbf4fd912b6b0d95c55bbdb9d2dc84533252263de8fed8a25e5f04917d2023d80a45618ac867fd42130d35dbdf197851f5924ed674223

Download Submit
memory/1188-12-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1188-19-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2436-0-0x000007FEF588E000-0x000007FEF588F000-memory.dmp

Filesize
4KB

Download
memory/2436-1-0x000007FEF55D0000-0x000007FEF5F6D000-memory.dmp

Filesize
9.6MB

Download
memory/2436-2-0x000007FEF55D0000-0x000007FEF5F6D000-memory.dmp

Filesize
9.6MB

Download
memory/2436-4-0x000007FEF55D0000-0x000007FEF5F6D000-memory.dmp

Filesize
9.6MB

Download
memory/2436-34-0x000007FEF55D0000-0x000007FEF5F6D000-memory.dmp

Filesize
9.6MB

Download
memory/2772-15-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2772-33-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download