8d45b5e997e8412c305d11635078b8d9efc7fea50b5b4921b4abd116361b2d43

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
Size

132KB
MD5

47c9ac524600b0b6975421d34fa7e35f
SHA1

367ec4412d9a54b1869780af5eb84ad8067c44eb
SHA256

8d45b5e997e8412c305d11635078b8d9efc7fea50b5b4921b4abd116361b2d43
SHA512

725a5b9f4274897e29fe5b48d685230779354e93faf1d85bc2fb84dc3e89677b502078f8faf9ee89e5b4a8b25abb805bbd8e6b246297f48723f78f564a00202f
SSDEEP

3072:joW8n7SsoLEvlmEi0kjmUJ6EbfQKcYQoBOAtBW97mjcuNObwMT3:E1sOlQbrt9BW97mjcPwMT

Score

5^/10

Malware Config

Signatures

Drops autorun.inf file 1 TTPs 4 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\Autorun.inf	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
File opened for modification	C:\Autorun.inf	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
File created	F:\Autorun.inf	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
File opened for modification	F:\Autorun.inf	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Explorer.exe	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Runonce.exe	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2460	47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\47c9ac524600b0b6975421d34fa7e35f_JaffaCakes118.exe"
1⤵
- Drops autorun.inf file
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\302.tmp

Filesize
766B

MD5
b307615f94b255ef7c9dfc1cd5804443

SHA1
0e03a3bd0ac11d5af7a34ee2ceb6830278d4749b

SHA256
bbab838ac4b019cd6cd71406fa1bb9ede3a470c9050b0bbd88205d4b126be000

SHA512
f29b5153962c5f6e153d73c92126a38a7f0d1348a33d38f67699d277a14b3c562359c7e4754055caae165d8c40bbf86cfb3026358d52ab0b2b44d7bb7fd4a481

Download Submit
C:\Setup.exe

Filesize
132KB

MD5
47572e9573e3b75b10aa14713bbbf609

SHA1
826a9240783403a3c15fcecf22556b3e35fccbb1

SHA256
07219971adf082eb2ea0dced1f9c3579712a0a46f3ca573f3bb72ac235c4a7bb

SHA512
aa1b91d3c85b9d04a9a6c89da06b5184cf7a64dc081a313c05900222e5b43f8ea3962c4a0ed95d1d14c3d1c8a1dbae906b2ad858a66a632b4df49d336ecdd5cf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads