8bfcd79d81d878a298d717aa629b6fd0eeefe9d260b336637b3d1c9022997cd6

Analysis

max time kernel
140s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2024, 19:48

Target

54845be2ce8c8f6dd4ffe0b5a08ad03d_JaffaCakes118.exe
Size

3.0MB
MD5

54845be2ce8c8f6dd4ffe0b5a08ad03d
SHA1

9234c7ca550dbec743fc07dd64df1bf737e8291b
SHA256

8bfcd79d81d878a298d717aa629b6fd0eeefe9d260b336637b3d1c9022997cd6
SHA512

d399e55ac1e87fdfa442dbf40d26236cc6a27e858f0286d6df1263921b60613a5fb1f10b84cca60c0762a818ed1ef0570da63f7c35c4baab576a7476c3f52aff
SSDEEP

49152:llD8jwLWqrEqiqhjo9WhGf6nBrjVHiRAtmBqzAFRGW8u/jCMXn1FTr3aAn:lB71rEojo9Df6pAkYiAYMX1Nn

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
3596	54845be2ce8c8f6dd4ffe0b5a08ad03d_JaffaCakes118.exe
3596	54845be2ce8c8f6dd4ffe0b5a08ad03d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3596	54845be2ce8c8f6dd4ffe0b5a08ad03d_JaffaCakes118.exe
3596	54845be2ce8c8f6dd4ffe0b5a08ad03d_JaffaCakes118.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nskAD68.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAD68.tmp\Processes.dll

Filesize
56KB

MD5
cc0bd4f5a79107633084471dbd4af796

SHA1
09dfcf182b1493161dec8044a5234c35ee24c43a

SHA256
3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c

SHA512
67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskAD68.tmp\ioSpecial.ini

Filesize
702B

MD5
7c6d07aba59868925af5f75ec37412af

SHA1
7508fc59687cbce156ce5507b0db9c538433ee52

SHA256
93c33dae5d7bfb2f823ba03bec5a3331d5af369079287a72daca93f7ab0e8dda

SHA512
763fd61ba3099ad080ac8cd9bca6dc64e0d89a55490f225221b7c580ae0ae573baeb9bfadc78ba44b39491f2a802fb5283e4e3cfcd39164600f7b19ca8ec8ed4

Download Submit