f57a8817316b3afc64b2cfbb850bf32a08e35f690452495565c163cc9db5011a

Analysis

max time kernel
140s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe
Size

7.1MB
MD5

62898aa8a6e9797b664580775265d28a
SHA1

58713bd8b54d57296e5b819b9d206bb815d2318a
SHA256

f57a8817316b3afc64b2cfbb850bf32a08e35f690452495565c163cc9db5011a
SHA512

32eb0dcf75a71a523f86a9fa93479e673c0402b3cc8b4f6a560211c47332b344f9f943b877271f2e8a794684d6c44945b61f30f38295cd57d69c5ed8978c9e84
SSDEEP

196608:2taUQF/PgKwf8J6/Vt8SoZn2g/1/UvAsUaZrq7EXF:2YUc/pX+VqnpUnZrVF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
404	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
404	irsetup.exe
404	irsetup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 404	908	62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe	86
PID 908 wrote to memory of 404	908	62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe	86
PID 908 wrote to memory of 404	908	62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\62898aa8a6e9797b664580775265d28a_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:908
- C:\Users\Admin\AppData\Local\Temp\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\irsetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IRIMG1.BMP

Filesize
7KB

MD5
35eead87779b244a1d2d36bc3811e348

SHA1
cb5a08f420649a543a0c14b372763e27398e06d3

SHA256
076dbc8364beda57e40cd3ea0a00e4d4ba0f07de905cdcdea26b18312bf0deaf

SHA512
955265a896db03d95ee12d1ec02c74f76b083907ee8b4dc956e0ae6c9cfa6f3191bc50ded306575fc240e2a16bb96da4de59b9f139ef5fd5fdad6706178876c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG2.BMP

Filesize
51KB

MD5
0bf7ad527e5d442818dd57c1a6f18956

SHA1
ebc4f6fae9e48cb7702981031120d8d6dd910bab

SHA256
f20a9c30f832609838b44b9de0853b10c9566978bc0922c6f8369d98a8c3d9de

SHA512
39d0b76d1f3ce6968f05bc22892ddc750f578a97f2f79fc622a1252501ff707338ba600a9ecd9a32c598d9a633b1439f31ba8d1130f47258b47e8382de56c0de

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG3.BMP

Filesize
52KB

MD5
7085dea1090c1ee4cba11fabc2de3d6f

SHA1
66bd97628be478150871b67b9b9e8151b0909fec

SHA256
05e12cfebe423ed5ea761547061f2c9cd471c42b988c3e22e9609216cc98297d

SHA512
6999f8028b69fc26a0d4fa52b02d5d3c43ea0b8bbbf059209ec8f960e3edf54b41d940343e772738b6aae66fe392329f17375181b3dfbed7963551b267e4f190

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.dat

Filesize
21KB

MD5
b7d713a350b1343374c7c5c13abdc72a

SHA1
127b775b016466a8e9d47535ee2490fbcd66a338

SHA256
281ab5125c928ac43a7b4fcb3a01fe02d07b88951108a9b4341b786368b92c8e

SHA512
c23191c2ec9bc1570829d497a7f1322ce39e8f36077ffb13080fe01d11d566493668645fce96fdaaadacaf732a53c9762ea8211075b409c5fd7b70a6a45ea83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.exe

Filesize
708KB

MD5
9433d5ac20edcf7d39c454fe2f67b43d

SHA1
b46be8abecd975d942bf28987bbda8686f079838

SHA256
3687a458ea72df00e771a62c3eff33849631c662f62c9bb4fa3c735cc2b51b39

SHA512
50fdfb6d8a5305970b65c772de6b1fe1f4791ea379821853579c99e72dc9c3e36d6e9129451ade3084616996abac84137a4446f9747c195695c5d49fd5073ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.ini

Filesize
119B

MD5
fa01faeb52db7a7c50621305f144fab0

SHA1
21d33a2d237f2fd457e495dfc23f3679a307970a

SHA256
9756308ff44643160f1063fc4e2b76b97577c48df758c3ffcfd93e2d385bd4f7

SHA512
7bea72ca42e8ad2f7405ab48a461931348f836ae3690ff00425e9b31de39ab3d1bb5726cb7745769e166c43637d250cbc63b1477c047f444abfe81cd3f76487a

Download Submit
C:\Users\Admin\AppData\Local\Temp\suf6lng.4

Filesize
12KB

MD5
5930543afe37917c8e447635310009d5

SHA1
b012ad5d21489c97e2fdb27728e808200fceef07

SHA256
a084e98c6807381e118d47c1c65c591361f4159d87b3b4386ed347ca60c890a5

SHA512
073080d3233d21936fc8ddafd06bcde8eb15913577b1a7015cbdb3a8af13c7678e65f1afa2036e2fb59eebec55f8fbf025958d8490d13dea05a093534a4aff9b

Download Submit