adcce226124a0f325a56da52e7142d37fd69a95b048e41cc878309d241620609

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59c57a0f8947f15b22d47c4652120748_JaffaCakes118.exe
Size

373KB
MD5

59c57a0f8947f15b22d47c4652120748
SHA1

d0217976d7d10c3cc15f4346813cf0dc6d8a176c
SHA256

adcce226124a0f325a56da52e7142d37fd69a95b048e41cc878309d241620609
SHA512

9098c10f14a1c813e1398d450b7f1b7dde6f8d95a17d843d201ae8c6cf482728a6b78d0d0836bf140aee366dcaa02ef7fbde141c0c55dd27a6f87faf6c532f6f
SSDEEP

6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lLIUzaHomlRUQnhqbpF:EHLUMuiv9RgfSjAzRtysRf0F

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2140	59c57a0f8947f15b22d47c4652120748_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2140-0-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/2140-20-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2140-20-0x0000000000400000-0x00000000004B8000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\59c57a0f8947f15b22d47c4652120748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\59c57a0f8947f15b22d47c4652120748_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\crypted.exe

Filesize
85KB

MD5
fdc6d160f643bf9a62c7c6f091261b5e

SHA1
cbd76cbeddce6039165ed44bd405b41f7cefa940

SHA256
68c2e377ebd387f7a158b2f7b38fe802a6a7f4653f8ef8f3beac0211f2dd5208

SHA512
07982a964fae0779a358958f9c407111a6e80c682002d3a29c041e44602bc3eb675330169a3f50e16dfd9ce1bf2eea1e70fd97cca235c85c8fac3bb905e66047

Download Submit
\Users\Admin\AppData\Local\Temp\Crypt.dll

Filesize
4KB

MD5
d837210daced01236ccc50baeb996f51

SHA1
2f9dee67b1af7e5a32cd10358356fcf87fcf5ada

SHA256
547ab733bd5d60e0bd0e31cb26649a8d5b80e10f2996c9bff21b026dd4494454

SHA512
935b3e7f5991537c0b053e3e961d74fc95f7902e916b2b88791482d20656435e43882ce75de1cc7312784e4de50c63a0d163a875b541cc0bd6e760a2e0751c00

Download Submit
memory/2140-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2140-20-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download