02ebcc84a132faff6032d2a6fa3ed01b5cb24e9065da3968f84a90069f92c586

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
Size

873KB
MD5

4ccd66a88edc98309dc6030fbd53fe63
SHA1

448a729993742b3863ba437d481265c368014ffd
SHA256

02ebcc84a132faff6032d2a6fa3ed01b5cb24e9065da3968f84a90069f92c586
SHA512

9041c16edd6acd0296ba0d42b99642f93f96a23e2f4aba80eb06b1fe822a15b9be7301a3b98461740576d61ecc1c731c4f9c6dc2720eb98c344685b987cc78a2
SSDEEP

12288:uhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a0ErRgBsViVy8IThx8:+RmJkcoQricOIQxiZY1ia0EryBs0y1N2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
2848	4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ccd66a88edc98309dc6030fbd53fe63_JaffaCakes118.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autA894.tmp

Filesize
162KB

MD5
9ee3131845e310d9b69a7d1b38df96ec

SHA1
a5552238e83d0fcc57e1acf9ce8630ceb9a03fe1

SHA256
60e175eb09d510089f5fef8680397e8a68e11fe1370ec7f6c0d619248a7163b7

SHA512
acc928fc8ceb5036f36756fc56e2311ddf3fe7d2babbc5865ff8ee692c97a33b4919060f0ef9d75c99866634f24be3d91733b050d17a68c021c1e1274576b7ce

Download Submit