49f282cc53187bb59824a1dd9b4a0e37e035716ed24f84522f0aec4866d28a0e

Analysis

max time kernel
18s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 20:51

Target

434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe
Size

137KB
MD5

434ab3ed3650227918c573990bfcd6e5
SHA1

7421018e1a8cd5a54fe5dbb53c18bdec39a12c0c
SHA256

49f282cc53187bb59824a1dd9b4a0e37e035716ed24f84522f0aec4866d28a0e
SHA512

9539dd3ac1482f34eaa81e9d01df3ebfc8ed7ae8e148a3fa2afe1734724e15025bb7ce313079a6c86d158c32fe95a0a5d840519737f3130e7d2a6429f2a99a84
SSDEEP

3072:RAu8mt2HG0oWukt30moymTLNkiyVvZlIdhoZ0bVG2al:Rp8mMHG0qkt3HCxyxZ+oZ0Js

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2204	3rdib7034RD.exe

Loads dropped DLL 2 IoCs

pid	Process
2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe
2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2204	3rdib7034RD.exe
2204	3rdib7034RD.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2204	2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe	29
PID 2244 wrote to memory of 2204	2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe	29
PID 2244 wrote to memory of 2204	2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe	29
PID 2244 wrote to memory of 2204	2244	434ab3ed3650227918c573990bfcd6e5_JaffaCakes118.exe	29
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20
PID 2204 wrote to memory of 1376	2204	3rdib7034RD.exe	20

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Roaming\3rdib7034RD.exe

Filesize
50KB

MD5
8bbf9c351f81ba78a5581879caa48d68

SHA1
bd39864019afa2526243697dde9047e13afb7f8f

SHA256
c7795ea06de1c996077166dc353d191da97c62e11ef94d9f29d4c1b267ee2c81

SHA512
640b1521fa9956b2add8f320cd11e33d6a245ea1e6404af51254e1327ce8f7f926e54ffb115a5a60ae95578c2ef031d17bb51ff09e9ad485f98e4e0354e0dfad

Download Submit
memory/1376-18-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1376-25-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2204-15-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2204-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2204-37-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2244-0-0x00000000749E1000-0x00000000749E2000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x00000000749E0000-0x0000000074F8B000-memory.dmp

Filesize
5.7MB

Download
memory/2244-2-0x00000000749E0000-0x0000000074F8B000-memory.dmp

Filesize
5.7MB

Download
memory/2244-12-0x0000000000C30000-0x0000000000C39000-memory.dmp

Filesize
36KB

Download
memory/2244-7-0x0000000000C30000-0x0000000000C39000-memory.dmp

Filesize
36KB

Download
memory/2244-21-0x00000000749E0000-0x0000000074F8B000-memory.dmp

Filesize
5.7MB

Download