b7d7684918506d133335cec6576a8cfaaf8bf43c823f600d5e679151d2c1a616

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 11:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe
Size

121KB
MD5

3d3c0479b156043751042ebb56e97054
SHA1

90697bb2245c23a2d443132138edeacc2abb4481
SHA256

b7d7684918506d133335cec6576a8cfaaf8bf43c823f600d5e679151d2c1a616
SHA512

fe388b7bb65f164d03865a83e8235c71366dd2882771d22fac462d1edf0a8e19cf74e4958db473be723707f39f6cbb2b8c8b7ab94b8ffd3c5d7c759ba80305fb
SSDEEP

1536:jNxxmEDtqrQ8NSP5re9zSCREd+blIUuKSbT10Zu3hpqlHg:RxQEDtqrQ5re9BS+blIpNtix

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2808	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2808	2096	3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe	30
PID 2096 wrote to memory of 2808	2096	3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe	30
PID 2096 wrote to memory of 2808	2096	3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe	30
PID 2096 wrote to memory of 2808	2096	3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3d3c0479b156043751042ebb56e97054_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Qqp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Qqp..bat

Filesize
238B

MD5
e6e94473a97fe21e33ebdddb51170f3b

SHA1
1b54f1eb43a463be5365728f4ee211ff13a2f196

SHA256
e7a63e7eab9d17cdbb937ea49efe54df3e1902a98819cebd8d5dfa107c2de8eb

SHA512
f4837d2d8aedbeae8491fdf9145424cd16ce9b53795961c5f5585b5af29a85b2ccd158e3232fa8f0752ab5f3b8a13ea52c220ca77756b4afc0f9c93e7bf0dd54

Download Submit
memory/2096-0-0x00000000000B0000-0x00000000000C6000-memory.dmp

Filesize
88KB

Download
memory/2096-1-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2096-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download