97bb19ac4d714c4fe80ba3c94f5bc388144660c3e793ae11fa3758a81e7b387d

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 09:18

Target

4dada7bc77a83863080a5dc962f5c72f_JaffaCakes118.exe
Size

48KB
MD5

4dada7bc77a83863080a5dc962f5c72f
SHA1

5662a8ac93802f396d287e4603006379af344487
SHA256

97bb19ac4d714c4fe80ba3c94f5bc388144660c3e793ae11fa3758a81e7b387d
SHA512

1ddc579c349b936710d83e500e02dac1122aadefff8f2598dd04ea575e7fb72a70927b97464f65a75308ca30c0fc0a89a318c97e39c620a33d4d6a8873c65f3f
SSDEEP

768:CploVlpQE2MQGc6rDh84nSwN15G4DRF/O71mJIe+bTLUWs+69DZQYaAq0:EYpQtMDc6fnpumJV+bTLUJfyl0

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
2608	4dada7bc77a83863080a5dc962f5c72f_JaffaCakes118.exe
2608	4dada7bc77a83863080a5dc962f5c72f_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\4dada7bc77a83863080a5dc962f5c72f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4dada7bc77a83863080a5dc962f5c72f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2608

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsiF3C8.tmp\NSISdl.dll

Filesize
14KB

MD5
9c90c746adae5171c52b932080113331

SHA1
2eb66e61ad38a33aa6e6c245e84e0a78dfcc5460

SHA256
5b7be83ff4f023eba8d2d7ab972b067a904adc71f56a50cb367619cd116d0e92

SHA512
fca06b4b39fdd76002487a4f9a454bec5507b2355a0e4e2dfe044e2def52bbd01aa5d2a0077703f7b8814b248743fac2b84fd37f611e04281f7e5c428e245565

Download Submit