174549914d71bc2094c51fa93026d25a5b8596e562e08674c34c605617bdd542

Analysis

max time kernel
26s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe
Size

362KB
MD5

3e672337f1c3a4ce68b7bc50401a1b47
SHA1

1c7a36b2b1c3037b0ea8f4134128da3f3b219461
SHA256

174549914d71bc2094c51fa93026d25a5b8596e562e08674c34c605617bdd542
SHA512

359d52d48f67081d6c7923aa84dcf833621bf2144fd53b94713ad1f0e262d3fa09ef1f9dadd4892ceef0ca7c888a5200121a1df08c76802a58368f38997c193a
SSDEEP

6144:b1dlZro5ysCIfP7kKJBImImDyG4TrRERqyoJwREBtSWwLugv/scSDZSiBoYGD:b1dlZo5yjIfp0ocOqyjRS0WwRv/fSWY8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2848	CAOSZUL.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2848	1732	3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe	29
PID 1732 wrote to memory of 2848	1732	3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe	29
PID 1732 wrote to memory of 2848	1732	3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe	29
PID 1732 wrote to memory of 2848	1732	3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e672337f1c3a4ce68b7bc50401a1b47_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\CAOSZUL.exe
  "C:\CAOSZUL.exe"
  2⤵
  - Executes dropped EXE
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\CAOSZUL.exe

Filesize
42KB

MD5
ef6d4da258946c20b8f51ed60b33baf3

SHA1
d83226577825e67a8f77d0e87200dfa6847dfa0a

SHA256
ad835825461ed8d70a1ebd60f9753395ee94457b6bdf547fc6d8bfa09e2a1fbe

SHA512
0d4d2cafe751702d8bbc98f4728a871e1c681242b29f68d9569515412e0e3b54c4b922e256e424af538cececc9afafabefe574ae19717cc64156bbf55adc8a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\sfx.ini

Filesize
182B

MD5
ecb753f1d7823905eaf0cda2fb9bf5e4

SHA1
4965968431a8a48fbb1eb923e8948104ffc563fa

SHA256
dc1e7854b2a77d8c21c971fc6cf8c48fd939ff7e6b1463ef7b72a9439d8df750

SHA512
67a341bc999f307dc102b7c26a1cf1a90c8d0718f48cdb85e6dfebe3542198c06a1142dac83ab417cd2696f90ad8dbda7f7ed316efb1db5e8bf0161397c4b822

Download Submit
memory/2848-23-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/2848-24-0x0000000000A40000-0x0000000000A52000-memory.dmp

Filesize
72KB

Download
memory/2848-25-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2848-26-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2848-27-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/2848-28-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/2848-29-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download