ff31f27d6c5d08c3373bb693f8b70718560177eee9f24ddde534e629a447ceb3

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118.exe
Size

6.2MB
MD5

3e4d2d725ef27843ad3fc16cccaf05e8
SHA1

64a6117fdb14c45b90424ce38922d92f14db42b1
SHA256

ff31f27d6c5d08c3373bb693f8b70718560177eee9f24ddde534e629a447ceb3
SHA512

1d329f144af7e37d1d3a648756f72ee40c0c3113a690ab23c3cb22a099ae0643256f58c8bf0c0ed0d46a26d796889ee11001020be4c2503b779f2a4883ed90e4
SSDEEP

98304:dIGRmEpPSY0dEhtEsWhox7DCMrxUV4ZkEshd4Eeg9m96Wu7Pgzhy7TTCO8d5YU:9tpPf0dEXNppZktd4Eeg66/7PYwaHYU

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1528	3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118.exe
1528	3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1528-0-0x0000000000400000-0x0000000000532000-memory.dmp	upx
behavioral1/memory/1528-73-0x0000000000400000-0x0000000000532000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Temp\1JR648G5\3e4d2d725ef27843ad3fc16cccaf05e8_JaffaCakes118\plugins\0\CustomUI.dll

Filesize
344KB

MD5
04eecd03af7eafb84b6581a5b37d275e

SHA1
3351059d04a2e9f9f0a3719083eeda03dab0f124

SHA256
39ba967edebb288f921c37348d7c21b05e3af40033e0eb386f35b4be2b04be50

SHA512
19088141aa48e1bb74202d09751006fa9182568750caa7e3132169c66c9fee4a784cb1139c954b1c940f9578cfa51be7474c09780cc6fda3022e69eeec9c21d9

Download Submit
\Temp\1JR648G5\unpack.dll

Filesize
34KB

MD5
705aa1dc6f5fb72a2182ffd2c95bfa2e

SHA1
08de4589e01d3f0f589209baf8b669fae04b5875

SHA256
ec8361e43f0f83d0da13261718b8791e5517375fce67b4055d390353a5b2ca00

SHA512
5d00edf396efc5c130e1e7071fe027afaaa35d4d746441a1f0e0736c4828941e55e49f5319f5c1739bd75d2b5e03504d59284b2754430e0053e3f8d5f2702e4d

Download Submit
memory/1528-0-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/1528-69-0x0000000002EF0000-0x0000000002F4C000-memory.dmp

Filesize
368KB

Download
memory/1528-74-0x0000000002EF0000-0x0000000002F4C000-memory.dmp

Filesize
368KB

Download
memory/1528-73-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/1528-86-0x0000000002EF0000-0x0000000002F4C000-memory.dmp

Filesize
368KB

Download