9c8abb5b660c47f61385ec672e2e1711618ee824026538c58a15cc4ba6f341bc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe
Size

748KB
MD5

4294baed4d87a403f7bf3f53c6182e78
SHA1

ddf486580003876f9e90757f2ed1623dcacfec92
SHA256

9c8abb5b660c47f61385ec672e2e1711618ee824026538c58a15cc4ba6f341bc
SHA512

9786175239c50d6083b212a5f21e4206b3814b4461da477f313bf34cd74ec529b617ff0c9f689796b9e4d2b12024eae506adbfa40812afd488c7875240a8e3b3
SSDEEP

12288:3OacOUtaZsbYjYUwDKR17tjTmMDaKAdp63d4HgJVGEQjO5hDkX/vqJzh:GOvZsVyjTmMDvA36rGghDkvyr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2252	SETUP.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 2252	3340	4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe	84
PID 3340 wrote to memory of 2252	3340	4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe	84
PID 3340 wrote to memory of 2252	3340	4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4294baed4d87a403f7bf3f53c6182e78_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Users\Admin\AppData\Local\Temp\SFX7B3B.tmp\SETUP.EXE
  C:\Users\Admin\AppData\Local\Temp\SFX7B3B.tmp\SETUP.EXE
  2⤵
  - Executes dropped EXE
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SFX7B3B.tmp\SETUP.EXE

Filesize
160KB

MD5
1cf00c58d5fa56baf85b3049dc4ce346

SHA1
df5be87e1a4dcaf91b8cb4553fd923334472db36

SHA256
38e510f515ecf370f8ee9d9b79410289c47ad357110260ee5a117f0ff2b96549

SHA512
03dde2b5ee3030385fc230aef3af360e6e8e993f4ef0235228181a8b48d781fd4c49d86d123a3e11aadf4f1c68dcd970f716392fb87db14a1c53f7ffd57b6fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SFX7B3B.tmp\SETUP.OP_

Filesize
5KB

MD5
5238e31ba938983f29c70a0739f7208b

SHA1
e3fb4936891650dc343a635b441c8a4d7ba05c46

SHA256
08fb1e04a9597f20b213ed25f2b254675e6a7bf7bb016524547a97cd5139ae58

SHA512
5b43dee6aa1f3c46e4ed726de0e786f1e70549840d9d100d47e4793f78b2646b47d48a8c465bdd4eb99f861f378f78dfbae1fc68dbc26041270a410e30ec8ee1

Download Submit