352046feff8dd20530127bf6794353ac9c42891afffb4fc7cd7b151444ab9bf9

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe
Size

20KB
MD5

4b7bc0051ce8942ecce89e7172d81d7a
SHA1

363612457c6f51d70b725e4ff6c7f3ce7bf4a1cd
SHA256

352046feff8dd20530127bf6794353ac9c42891afffb4fc7cd7b151444ab9bf9
SHA512

0a4f675b077cd1939cf3e845c8f0645cc62a86adccff118af3ccad40911eeeff8baa93f4f4c3675619200a3c43afa16cb43b475987b2e0291426b72d6c8e5718
SSDEEP

384:7LZPnqGM39DCuW3QSs1t9ST4evxFWzOllumKnCMHEprKGbi7/STam9xO:Vr+wuojitYcevm2uVkprKGbk7m9xO

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1748	4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4b7bc0051ce8942ecce89e7172d81d7a_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Suspicious behavior: RenamesItself
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-2-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download