e02f11936e95f126f4edf7eb086609bcc56bb25f99bfe46424447b369f9e79f9

Analysis

max time kernel
24s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 02:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3fd0abf0e9149d0bc32302b9398666bc_JaffaCakes118.exe
Size

549KB
MD5

3fd0abf0e9149d0bc32302b9398666bc
SHA1

3706281d7598d6bce6a26328e5f74aed185352b2
SHA256

e02f11936e95f126f4edf7eb086609bcc56bb25f99bfe46424447b369f9e79f9
SHA512

aae7a2a8fcd01b5249071b78c80172b085d26cf4f2a3980ded184be480bf6dc2466bf78724d308c2299dd92e4c1d28ebdf5ca3e2e37c189a61c80f4360839162
SSDEEP

12288:f4ajjas8iG0WLEmWEVvofSIQUBpKugecW/6+ykaI0:fNL/UgfSzvez2I0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\3fd0abf0e9149d0bc32302b9398666bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3fd0abf0e9149d0bc32302b9398666bc_JaffaCakes118.exe"
1⤵
PID:2120

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\288947_217568734960486_100001220834701_603809_7959667_O.JPG

Filesize
403KB

MD5
6ad03bcc0b0b8af4566be9946ebe5bce

SHA1
be0f80da7934420ec948b1fa35e5dc16481dd50c

SHA256
ec3b0e8bac1523ab1572e96d80b2c19c6af8875e972f527c2b5ef7988bf9647e

SHA512
c605e5e0752b1d1526dc54e91801f6bc1c646d16218eb6716fede7e07220fe344b000c40b302a5edc852fa7daef358a7741e0db73f6eb1aa10a8da8821e69bd1

Download Submit
memory/2120-1-0x0000000000390000-0x0000000000392000-memory.dmp

Filesize
8KB

Download
memory/2176-2-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2176-4-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2176-8-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download