46234949af62291242805d2f33a6af522efce251cfc053465be677d29a2a19fd

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe
Size

1.8MB
MD5

495ed03e17c27fa4c20deb6bd435dc2c
SHA1

4ff6f239ed7adf13368e0ba8df0d44230837085a
SHA256

46234949af62291242805d2f33a6af522efce251cfc053465be677d29a2a19fd
SHA512

ccfc6a43c9a22f022ea95399cda607c26dccd4b5d031c18891a897fd94c502dd280c8083061a23a6474477a1085c995d8e6f978d25741016db5b06e39bd991cc
SSDEEP

24576:f1kXXvxyJp759Potg4rfYF1NLpw5aopS/IVyCRE/a8Gg9bnRvOmpC9L58jXWeSvH:f1I56947yLGgZR7M2GeSuc78LA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2084	ffffff.Exe
2800	suportfile.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2084	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	30
PID 3060 wrote to memory of 2084	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	30
PID 3060 wrote to memory of 2084	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	30
PID 3060 wrote to memory of 2800	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	31
PID 3060 wrote to memory of 2800	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	31
PID 3060 wrote to memory of 2800	3060	495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe	31
PID 2800 wrote to memory of 2836	2800	suportfile.Exe	32
PID 2800 wrote to memory of 2836	2800	suportfile.Exe	32
PID 2800 wrote to memory of 2836	2800	suportfile.Exe	32
PID 2084 wrote to memory of 2816	2084	ffffff.Exe	33
PID 2084 wrote to memory of 2816	2084	ffffff.Exe	33
PID 2084 wrote to memory of 2816	2084	ffffff.Exe	33

C:\Users\Admin\AppData\Local\Temp\495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\495ed03e17c27fa4c20deb6bd435dc2c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\ffffff.Exe
  "C:\Users\Admin\AppData\Local\Temp\ffffff.Exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\ffffff.Exe
    C:\Users\Admin\AppData\Local\Temp\ffffff.Exe
    3⤵
    PID:2816
- C:\Users\Admin\AppData\Local\Temp\suportfile.Exe
  "C:\Users\Admin\AppData\Local\Temp\suportfile.Exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\suportfile.Exe
    C:\Users\Admin\AppData\Local\Temp\suportfile.Exe
    3⤵
    PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ffffff.Exe

Filesize
455KB

MD5
bf3c1f671f121628fc964cabf472a19b

SHA1
da4b2223eea9723cfe1b570eba33b650bc80d315

SHA256
b37cf7ec35578d632d7b7d733469f05efc8522422323da059ddf2d3c75e8145e

SHA512
cd16c6101deb99eac27ec78a2d350474029cd44fc5032704b1c71548a3104f48f840b75bf333ca4dc996872a5ded7e87ba031cc9838454459c755b37dabc5d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\suportfile.Exe

Filesize
455KB

MD5
b0b3e82bf01f657a40d05de4951bb51f

SHA1
b5dbb22a9bfc75cd3881a60d84f5d698fed01fcf

SHA256
127b73e86090068ecb213498da64f62860c13c8c28aefc5928778a88f1db0638

SHA512
9061f9f78250f076ccba54d9999165219709ab92d4e1c70ca302779f127fb7bebd3ff1c468c0f04be12092b84caf567f3eedf134bea24d9a7cd6596d2d1e3731

Download Submit
memory/2084-15-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/2084-14-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/2084-18-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/2800-17-0x0000000002240000-0x00000000022A0000-memory.dmp

Filesize
384KB

Download
memory/3060-0-0x000007FEF63DE000-0x000007FEF63DF000-memory.dmp

Filesize
4KB

Download
memory/3060-1-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/3060-2-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/3060-3-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download
memory/3060-13-0x000007FEF6120000-0x000007FEF6ABD000-memory.dmp

Filesize
9.6MB

Download