8ece70a4835d5256f7c29545b1704458d9521b6749f19027f4c85d1819edb9d8

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 11:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe
Size

132KB
MD5

49ae73d57da5fce17357033be3e07628
SHA1

3e8871ddff7e24b9128abdaacbb5614817ba2301
SHA256

8ece70a4835d5256f7c29545b1704458d9521b6749f19027f4c85d1819edb9d8
SHA512

e591b0b868c8ced2c5717c0b2cf4df5db240dafacd25a1fa72f0f203f91d9b3b77b76256394a45c02d36ee939743fbd2db2b66b5685530541f3c8101e63837ab
SSDEEP

1536:OL/wKSmXc4ck7IwtCWAX4k/eftXDP+ocVNfYgwILCJpaAVSxXcbUiZXYtK:O/77tCWrhxDPhcHLCJ3VkXcbU9tK

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2424	CMD.exe

Gathers system information 1 TTPs 5 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2244	systeminfo.exe
2720	systeminfo.exe
2644	systeminfo.exe
2928	systeminfo.exe
2836	systeminfo.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2424	2544	49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2424	2544	49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2424	2544	49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe	30
PID 2544 wrote to memory of 2424	2544	49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe	30
PID 2424 wrote to memory of 2244	2424	CMD.exe	32
PID 2424 wrote to memory of 2244	2424	CMD.exe	32
PID 2424 wrote to memory of 2244	2424	CMD.exe	32
PID 2424 wrote to memory of 2244	2424	CMD.exe	32
PID 2424 wrote to memory of 2720	2424	CMD.exe	35
PID 2424 wrote to memory of 2720	2424	CMD.exe	35
PID 2424 wrote to memory of 2720	2424	CMD.exe	35
PID 2424 wrote to memory of 2720	2424	CMD.exe	35
PID 2424 wrote to memory of 2644	2424	CMD.exe	36
PID 2424 wrote to memory of 2644	2424	CMD.exe	36
PID 2424 wrote to memory of 2644	2424	CMD.exe	36
PID 2424 wrote to memory of 2644	2424	CMD.exe	36
PID 2424 wrote to memory of 2928	2424	CMD.exe	37
PID 2424 wrote to memory of 2928	2424	CMD.exe	37
PID 2424 wrote to memory of 2928	2424	CMD.exe	37
PID 2424 wrote to memory of 2928	2424	CMD.exe	37
PID 2424 wrote to memory of 2836	2424	CMD.exe	38
PID 2424 wrote to memory of 2836	2424	CMD.exe	38
PID 2424 wrote to memory of 2836	2424	CMD.exe	38
PID 2424 wrote to memory of 2836	2424	CMD.exe	38

C:\Users\Admin\AppData\Local\Temp\49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\CMD.exe
  CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "C:\Users\Admin\AppData\Local\Temp\49ae73d57da5fce17357033be3e07628_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2244
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2720
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2644
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2928
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-0-0x000000007EFA0000-0x000000007EFAD000-memory.dmp

Filesize
52KB

Download
memory/2544-1-0x0000000000240000-0x0000000000256000-memory.dmp

Filesize
88KB

Download