907a746d1246e44e1a641a2a1db7efe7da7c9cfa0909f8879b9e316b766f1060

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe
Size

83KB
MD5

4d4f3c06fe7a15c4af5d22216c92ae7b
SHA1

624ff9db1195cf9bbeb2fe3a0fcc2f46ede37954
SHA256

907a746d1246e44e1a641a2a1db7efe7da7c9cfa0909f8879b9e316b766f1060
SHA512

43f7a17a40196afe4caa85988c2c82cb424f8fc9e54be5e25c90239acf58e0380a70b7ebcca6d76a28cde1d7bcd46b0b466f251c17964bbee072b4fee45aa205
SSDEEP

1536:YzzZUQ+ouPvKNsry8LmH+pI/Pu6hPBAMxl2y78QdD:2OqNsu8LRiJ9xlR7ZD

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2832	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 2380	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	30
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 1856	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	31
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2276	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	32
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2512	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	33
PID 2056 wrote to memory of 2832	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	34
PID 2056 wrote to memory of 2832	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	34
PID 2056 wrote to memory of 2832	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	34
PID 2056 wrote to memory of 2832	2056	4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe	34

C:\Users\Admin\AppData\Local\Temp\4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4d4f3c06fe7a15c4af5d22216c92ae7b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /u /s "C:\Users\Admin\AppData\Local\Temp\TCGNetwork.ocx"
  2⤵
  PID:2380
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /u /s "C:\Users\Admin\AppData\Local\Temp\TCGNetwork.ocx"
  2⤵
  PID:1856
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /u /s "C:\Users\Admin\AppData\Local\Temp\TCGNetwork.ocx"
  2⤵
  PID:2276
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /u /s "C:\Users\Admin\AppData\Local\Temp\TCGNetwork.ocx"
  2⤵
  PID:2512
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C "C:\Users\Admin\AppData\Local\Temp\delme1.bat"
  2⤵
  - Deletes itself
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\delme1.bat

Filesize
316B

MD5
5fb4deae5d83b021d52721594957cad9

SHA1
697ac12224887c801254f541bed33b745b577b2e

SHA256
f59b2a8761916c296d1a11a662885bbf97143d44087904aa7a3a88ad1eff1264

SHA512
1189fadddfadb99aa371fa25fd117d516407e21db63d586ab85446fb3079d77b15ff70c73b325a931c9feb3221a8ca57606724bbdd03d8b3eb5de66b8f136c88

Download Submit