1875b0b5e9f7b94325e677fb223c515490271011bc779e60f914d9c18440b549

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fc4dc120e5c71ef0412322806761067_JaffaCakes118.exe
Size

421KB
MD5

3fc4dc120e5c71ef0412322806761067
SHA1

e94fb2a404dc9878003c6c50c7731dd1279a9e00
SHA256

1875b0b5e9f7b94325e677fb223c515490271011bc779e60f914d9c18440b549
SHA512

fa3446933ca05d36123072c029e4db55765bc506caa9a032eef4cd266e510eaf8c328f317de9d4e197b0dc27313333f2ad9dc8ebe5467a8d2c958c32c7d139d9
SSDEEP

12288:IoaM1tfcqOTEmhto3qHJLpVQ7U1lDLO4FRSng3TMjVT:Iob1CxYjqHhpWgbWUZQjVT

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2572	3fc4dc120e5c71ef0412322806761067_JaffaCakes118.exe
2572	3fc4dc120e5c71ef0412322806761067_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2572-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/memory/2572-63-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3fc4dc120e5c71ef0412322806761067_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fc4dc120e5c71ef0412322806761067_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Temp\1JS0MOKK\3fc4dc120e5c71ef0412322806761067_JaffaCakes118\plugins\0\CustomUI.dll

Filesize
345KB

MD5
0fe39de528a1afa32ed1f5f10a02aa4e

SHA1
8651305d45126ad268b498eecab7db5cae570b7c

SHA256
2ad7b88bea948708cef7dd539567686b0662692802edf0bb544594306cef7c73

SHA512
74a2f59e7d2a788dda76c2566d7c827ecde4f3b5e16191586fbcab69b04f1436e0963b8dff97fbbe383e9c580c9fffe5a9a5fe11da8ede6b8d06dcb040c09e27

Download Submit
\Temp\1JS0MOKK\unpack.dll

Filesize
34KB

MD5
e619dbc708231336467add6b6f6ff99c

SHA1
cd9b0168d3d8259709098edea0d83834d580fbfb

SHA256
c66742cee46087844c244af84c91a464eeab5ac0fe57be6d9c7aef6daea54793

SHA512
5e5fb37db93eb11f7e0e7f5249e5733e6ecda3395ad51323d22bb1fbbf3e3b137c4554600faee5e53368426a0827add13862c3b400a7f54acbbbb2d9becfaf1e

Download Submit
memory/2572-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2572-60-0x0000000002B10000-0x0000000002B6D000-memory.dmp

Filesize
372KB

Download
memory/2572-63-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2572-64-0x0000000002B10000-0x0000000002B6D000-memory.dmp

Filesize
372KB

Download
memory/2572-76-0x0000000002B10000-0x0000000002B6D000-memory.dmp

Filesize
372KB

Download